General
-
Target
29284df8a2981573c3ed461e5af0c90a3199b4ff338d431debc126dc6d392e9f
-
Size
232KB
-
Sample
221125-xsb8xsgg59
-
MD5
5926c4ad5cfd5438fb8691fb6d7ce9d7
-
SHA1
a4b722c644c3382c2881acf8e816411c455a8a3e
-
SHA256
29284df8a2981573c3ed461e5af0c90a3199b4ff338d431debc126dc6d392e9f
-
SHA512
c60a38dd2315d12cf6ce09b7171eff4e6781d8a6b80a3c02ef38fbebf94a4ba335cc954cb9dc0fa9a66ef30b53fd64e8961ecc2d2d8c6d7f2e698d016fe2a70c
-
SSDEEP
6144:k6IeXP7PMccbGdU6mtMWUu3qhhPzU/Eyy3u:kQYbR6DWUjPzKye
Behavioral task
behavioral1
Sample
ZoralMt2/Metin2.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ZoralMt2/Metin2.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
ZoralMt2/Metin2.exe
-
Size
619KB
-
MD5
aac0d0a0ee44507e808062e7490182ab
-
SHA1
90c0bad36477ad99961eac4f5eab433821d286d1
-
SHA256
faccfbbdc313a2f4b1d80119de898312b8fd84f586c4d5cf2482382910940f1b
-
SHA512
f999ce49df95145891ba3d9e268556d61c50a6b0e75edc39909dac916546bae900b2f35538780b4f5dff005dafe5ec6d043cdb34068836d0ca43e9027aa80124
-
SSDEEP
3072:sr85CdAnnnnnnnnnnnnnnnnttKR7EEusaY89j+sEoyV5/hH1ARqAnnnnnnnnnnn2:k9d2gR7Tusa99j+qouY2gR7Tusa99j+B
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-