Overview

overview

10

Static

static

10

047bd4707c...18.exe

windows7-x64

10

047bd4707c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    047bd4707c67b43c6386f09b9bf600df_JaffaCakes118

  • Size

    6.8MB

  • Sample

    240428-gahpzshb66

  • MD5

    047bd4707c67b43c6386f09b9bf600df

  • SHA1

    e3d4acf2c7615da3f08fd4c18d3a7ede24a20a56

  • SHA256

    a4240bee0f61206c372f04950fcbce24859e983ed1d274262e8917b89769dd2e

  • SHA512

    8b84d6208586718d189dfd28d958ada70b5036fdc8d1885090aa8f9c99c15a55d428578340d6a52c4f4adc097c0b2098be21c75a930578fc9425ee294a15c382

  • SSDEEP

    98304:FlerjesRJ8YQU/e51q0V8ZjmMrm1RF4j+POoo35we5nPOE1E1:urj578YQP1qbryHFvP83/FPx1E1

Score
10/10
darkcometneshtapersistencespywarestealer

Malware Config

Targets

    • Target

      047bd4707c67b43c6386f09b9bf600df_JaffaCakes118

    • Size

      6.8MB

    • MD5

      047bd4707c67b43c6386f09b9bf600df

    • SHA1

      e3d4acf2c7615da3f08fd4c18d3a7ede24a20a56

    • SHA256

      a4240bee0f61206c372f04950fcbce24859e983ed1d274262e8917b89769dd2e

    • SHA512

      8b84d6208586718d189dfd28d958ada70b5036fdc8d1885090aa8f9c99c15a55d428578340d6a52c4f4adc097c0b2098be21c75a930578fc9425ee294a15c382

    • SSDEEP

      98304:FlerjesRJ8YQU/e51q0V8ZjmMrm1RF4j+POoo35we5nPOE1E1:urj578YQP1qbryHFvP83/FPx1E1

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks