Overview

overview

10

Static

static

10

046a2b0afa...18.exe

windows7-x64

10

046a2b0afa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    046a2b0afaab2481800e1689b29ee63f_JaffaCakes118

  • Size

    5.2MB

  • Sample

    240428-fhfd6age43

  • MD5

    046a2b0afaab2481800e1689b29ee63f

  • SHA1

    85a7acbdaf3e509c121d96ba2bc665e2cd21154e

  • SHA256

    9dc76174e9e89c596aeb1dfd5f85e04d1ca823f08f78ef7007e0b4d1c9e1bc51

  • SHA512

    f52cc759a61330dd13947fb8002eab5d59d7c3261f084b907f2b4d4f4addf2799a7a7cd10e5811058e33cf05cbf9e54c0e2c8eea5409156652b9324bf100e144

  • SSDEEP

    49152:Fl/ijN5j2Xsl3RJ3LHobUQDgok30nwHCTpYdOyCPOFWSytLoqU/qC8W:FlerjesRJ8YQU/ojTpdPOFstsF/1

Score
10/10
darkcometneshtapersistencespywarestealer

Malware Config

Targets

    • Target

      046a2b0afaab2481800e1689b29ee63f_JaffaCakes118

    • Size

      5.2MB

    • MD5

      046a2b0afaab2481800e1689b29ee63f

    • SHA1

      85a7acbdaf3e509c121d96ba2bc665e2cd21154e

    • SHA256

      9dc76174e9e89c596aeb1dfd5f85e04d1ca823f08f78ef7007e0b4d1c9e1bc51

    • SHA512

      f52cc759a61330dd13947fb8002eab5d59d7c3261f084b907f2b4d4f4addf2799a7a7cd10e5811058e33cf05cbf9e54c0e2c8eea5409156652b9324bf100e144

    • SSDEEP

      49152:Fl/ijN5j2Xsl3RJ3LHobUQDgok30nwHCTpYdOyCPOFWSytLoqU/qC8W:FlerjesRJ8YQU/ojTpdPOFstsF/1

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks