General

  • Target

    015a1c5bab4d777f59047a010b4d1aaa_JaffaCakes118

  • Size

    6.1MB

  • Sample

    240426-wn2scaaa2s

  • MD5

    015a1c5bab4d777f59047a010b4d1aaa

  • SHA1

    48a9b0a2b5631266047e472ce963281f19afdf1a

  • SHA256

    c9368093dc396d8d8873282f06d2b8e07e910c1b7edc10101542e926b6383d7e

  • SHA512

    d7c3e07bfd1edbeabab6075bc82ed79fdd764d79d2cb6d91e898baa2cb6184d5e27457ee47045d05d8e08e2c55836b018a4977291b99105cdc106ffce71f064f

  • SSDEEP

    49152:Fl/ijN5j2Xsl3RJ3LHobUQDgok30V28PdRHCKrXOyCPO0KVso:FlerjesRJ8YQU/Q2oweSPO0KVso

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks