General
-
Target
257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
-
Size
752KB
-
Sample
220611-xk3qxacdbq
-
MD5
4804aaf4e145ed7f8b0d887e8a0793b9
-
SHA1
0c272ead9fe831b963ec876a4fa83a79e54df17b
-
SHA256
257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
-
SHA512
2e5a76ad21f55bce72fed148b16ffdc38c62d04671d6bf6e81ce9f78b52d6559cd38ef9ff47382429ecb117ef4d261964ce134f3b2a65d6f3c643d5f73391923
Static task
static1
Behavioral task
behavioral1
Sample
257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
pony
http://insightthk.com/pop8dot/gphs/gate.php
-
payload_url
http://myp0nysite.ru/shit.exe
Targets
Target
257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
Score
10/10
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-