General

  • Target

    0dddadfce1989ea3c0593480989ad61f_JaffaCakes118

  • Size

    9.0MB

  • Sample

    240502-h6lxysed26

  • MD5

    0dddadfce1989ea3c0593480989ad61f

  • SHA1

    32093f0eba0a33e695022c34d0ccc29aeb30094f

  • SHA256

    bbcc180cf81bb2b8dc96a0253174c3d754589b1817ecca2f1a6c9ca4e303485e

  • SHA512

    c22eed107b75cfa77af56a9a9a27ec5a1de242481bfea738d85e6a9d05d5ca1f2e09242a19b75d5b53f8490fc027ed96b5223161620e1c68bf93cb0cafba3354

  • SSDEEP

    98304:FlerjesRJ8YQU//8K+JLzPO0FN12mMrm1RF4sXKfV8ZsoYoT5q2e5:urj578YQA+JP51uyHF3soYos/

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects its own code into other executable files to spread and cause damage.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks