neshta | 60292e6be9d0d5e5f82a3382e4b69fcd19362b4c30a1829787dfc6ea5462a117 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

krutilka.exe

windows7-x64

Sharing

General

Target

krutilka.exe
Size

284KB
Sample

230509-g6z9xagd9w
MD5

9b7c249034a5e5ab4f3cdd45c42bf65f
SHA1

dd803910c9b65427bd658c859cc8b5a3bb5ffc2c
SHA256

60292e6be9d0d5e5f82a3382e4b69fcd19362b4c30a1829787dfc6ea5462a117
SHA512

a1948fe2afdb67937bc90f915bf877cba8984b9883c23a677c2022197516bc88465e4c52adc0a88850723c2c3439c07007aff3e29c1beebe7fbf7510ac7b6d20
SSDEEP

6144:IekEbFTBhqoJe4ixZVhXD7OsMq8Q2k9vlc0HvMziZ:IcBhqx4ixjhT8qj2k9i8vM2Z

Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

krutilka.exe

Resource

win7-20230220-en

neshta ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  krutilka.exe
- Size
  
  284KB
- MD5
  
  9b7c249034a5e5ab4f3cdd45c42bf65f
- SHA1
  
  dd803910c9b65427bd658c859cc8b5a3bb5ffc2c
- SHA256
  
  60292e6be9d0d5e5f82a3382e4b69fcd19362b4c30a1829787dfc6ea5462a117
- SHA512
  
  a1948fe2afdb67937bc90f915bf877cba8984b9883c23a677c2022197516bc88465e4c52adc0a88850723c2c3439c07007aff3e29c1beebe7fbf7510ac7b6d20
- SSDEEP
  
  6144:IekEbFTBhqoJe4ixZVhXD7OsMq8Q2k9vlc0HvMziZ:IcBhqx4ixjhT8qj2k9i8vM2Z
Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtaramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy