General
-
Target
UltimatePSN_Checker_v1.2_Updated.rar
-
Size
12.9MB
-
Sample
230423-nqzf1adb23
-
MD5
87d533c1c66e361d5ffbc6f0b32d60e3
-
SHA1
078d069e8a19c88a9b8dc3bd1219943b74ee0693
-
SHA256
06361aaa349839a3ba17de32f86e1219ef89815bfce5c45c005bc32657dd8d0b
-
SHA512
cc5f00f7bab4b2c1b9ad74acbeaf9026f82118a6f444f2f821dc8f3758bc02fb5021c61605bdb6e16a0aaaa0b4696ce4ef43f5b98621ac328e31a690ecf5ed1c
-
SSDEEP
196608:fxDo/qH7haODj3z4yAG1FNkpXTI9fPUr0E3jtxMoYaOPg7j9Rs5zTf3GkBxJB:JDo/88ssjIJUh3jRYawW9IzTfHJB
Behavioral task
behavioral1
Sample
UltimatePSN Checker v1.2 Updated/Data/resource/playstation.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
UltimatePSN Checker v1.2 Updated/UltimatePSN Checker v1.2.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
UltimatePSN Checker v1.2 Updated/Data/resource/playstation.cer
-
Size
12.9MB
-
MD5
199291e246aacb45dbad7bfe296066fa
-
SHA1
1b8727331c02190d860e26f4a74156e5d1196012
-
SHA256
b78cfa136bc15eb5cd403a4751202b56035d360438481147d87df90f7e33f65c
-
SHA512
75f37558ae706e07b73b1e4c9af73068697141107a6adcd84c55500c20cce3fb6ca2be74ce58c5ce4886c58fd9d79b8fab7a18756ee7bdece250a43dfc42939f
-
SSDEEP
196608:2uOuB3+/GmduFeQUKuQYIWitAlAm04lAg7RKKcaXePZxyvQfE60iKI8xOUfX:2aB3+/cTNuQYIWfRFKz4uwxxn
Score
7/10
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
UltimatePSN Checker v1.2 Updated/UltimatePSN Checker v1.2.exe
-
Size
1.7MB
-
MD5
2311324a67e80be453e3e37c65548848
-
SHA1
9291ca23bb88a9cb912dba77c7b9ac2ec8d77008
-
SHA256
8fab15bad9b03141589b331b6c5e142450d73fff9025987038108103c020d5d3
-
SHA512
fdabf0ab09ba736dd87cf4c41ec18090cfab380acbce734c6b54b00249177136bad0697bf7065b31b1a68c2b519bbd9e0f6b91bf99cd39fac4c87dd2bc3b2041
-
SSDEEP
24576:znsJ39LyjbJkQFMhmC+6GD9dnBEsRybcR4I4x2eM:znsHyjtk2MYC5GDTBEsRycz
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-