General
-
Target
1310d9ba62023dccfe079da16f37b2142cf98583d310c391db2b197dc94d3063
-
Size
8.0MB
-
Sample
220603-qsr6tafga2
-
MD5
15ada295225d1014297d76d08e3a3e6d
-
SHA1
05ee08c3c8610e37e0e1e72f7f204c31a1edd846
-
SHA256
1310d9ba62023dccfe079da16f37b2142cf98583d310c391db2b197dc94d3063
-
SHA512
c53c0daa94c1a586dbd5d97ca34ae7d162f023937601db491417c2f9832bbd61489b303e4d944a61f94d982a64d394669998745ec79ac458cb5a85abeeb1845e
Malware Config
Extracted
pony
http://cellimark.com/pop4ads/cloudgmp/gate.php
-
payload_url
http://cellimark.com/pop4ads/cloudgmp/shit.exe
Targets
-
-
Target
1310d9ba62023dccfe079da16f37b2142cf98583d310c391db2b197dc94d3063
-
Size
8.0MB
-
MD5
15ada295225d1014297d76d08e3a3e6d
-
SHA1
05ee08c3c8610e37e0e1e72f7f204c31a1edd846
-
SHA256
1310d9ba62023dccfe079da16f37b2142cf98583d310c391db2b197dc94d3063
-
SHA512
c53c0daa94c1a586dbd5d97ca34ae7d162f023937601db491417c2f9832bbd61489b303e4d944a61f94d982a64d394669998745ec79ac458cb5a85abeeb1845e
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-