General
-
Target
45ab3bb20ac8880d92bbecf827d1b66ae775f48c85dfe25ba223d5d1a4c0c81f
-
Size
652KB
-
Sample
220707-namghaeehq
-
MD5
3b910484d6fcc873f85bf90e505d5c40
-
SHA1
9823c9dc8de594975ad43983418ea2203f18d8ab
-
SHA256
45ab3bb20ac8880d92bbecf827d1b66ae775f48c85dfe25ba223d5d1a4c0c81f
-
SHA512
71b8d019ea3fd6c68541ed42b25dc899b42001e3912307986c75c7e994652074526ca6d3e20ba4f55a018985c16aa913d819e48c2aed9b38191f6d455fdb046e
Static task
static1
Behavioral task
behavioral1
Sample
45ab3bb20ac8880d92bbecf827d1b66ae775f48c85dfe25ba223d5d1a4c0c81f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
45ab3bb20ac8880d92bbecf827d1b66ae775f48c85dfe25ba223d5d1a4c0c81f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
pony
http://insightthk.com/pop8dot/gphs/gate.php
-
payload_url
http://myp0nysite.ru/shit.exe
Targets
Target
45ab3bb20ac8880d92bbecf827d1b66ae775f48c85dfe25ba223d5d1a4c0c81f
Score
10/10
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-