General
-
Target
4e30517b04fb37262dfbb06223c1a74be57ce6643ac09f1e214568b242974338
-
Size
652KB
-
Sample
220720-w3geysfbel
-
MD5
8e570cbdb3289fb85221de88180c77dc
-
SHA1
f78884d8748d4de6af7300527ecb37d32c629559
-
SHA256
4e30517b04fb37262dfbb06223c1a74be57ce6643ac09f1e214568b242974338
-
SHA512
677156f870dea42174d1a36c05380dbf5a6910c96435bc7aaad9649c6d13d974f0cba0ee69c4ab5504dcf5ac53be5bd1101d29a9e22dfa7de55ab233113c3332
Malware Config
Extracted
pony
http://pldtdsll.net/setyop09/ktyuo90/gate.php
-
payload_url
http://myp0nysite.ru/shit.exe
Targets
-
-
Target
4e30517b04fb37262dfbb06223c1a74be57ce6643ac09f1e214568b242974338
-
Size
652KB
-
MD5
8e570cbdb3289fb85221de88180c77dc
-
SHA1
f78884d8748d4de6af7300527ecb37d32c629559
-
SHA256
4e30517b04fb37262dfbb06223c1a74be57ce6643ac09f1e214568b242974338
-
SHA512
677156f870dea42174d1a36c05380dbf5a6910c96435bc7aaad9649c6d13d974f0cba0ee69c4ab5504dcf5ac53be5bd1101d29a9e22dfa7de55ab233113c3332
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-