General

  • Target

    27719ac3641d2de86f88da410e5583c4_JaffaCakes118

  • Size

    8.2MB

  • Sample

    240509-at174saf29

  • MD5

    27719ac3641d2de86f88da410e5583c4

  • SHA1

    0ffb4c7905cf1fe77026a18f17f977d66fcbe412

  • SHA256

    42b335d94b514782c1725e7d7174895096008d8c19816561b99379882b9e0170

  • SHA512

    6351fa8820a81c48bfdcc6422733b98d3a6e0904e626e2a391a94b3dd01c7b4ccfb7cb056c300736519c18e5ae656b36af234a8cfadae474afeb745f7a66af50

  • SSDEEP

    98304:FlerjesRJ8YQU/ojnPO0PjPO3RGPO7jHrciFrM:urj578YQVPNP/PS1M

Targets

    • Target

      27719ac3641d2de86f88da410e5583c4_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: it writes its own code into other executable files so that launching an infected program also runs the malware, which then spreads further and damages the host files.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware writes autorun.inf to attached volumes so that Windows AutoRun launches it when the volume is mounted on another host, spreading the infection.

    • Drops file in System32 directory

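The following is an added example, not part of the sandbox report and not the sample's code. It is a small Python triage script that turns two of the signatures above, "Adds Run key to start application" (T1547.001) and "Drops autorun.inf file" (T1091), into checks over host artifacts: a `reg export` of a Run key and an autorun.inf from a removable volume. Both inputs are constructed for the example, and the heuristic that flags a Run value whose executable lives in a user-writable directory is this example's assumption, not an indicator taken from the report.

```python
"""Triage of two behaviours from the signature list: "Adds Run key to start
application" (T1547.001) and "Drops autorun.inf file" (T1091).

Added example, not part of the sandbox report and not the sample's code.
Inputs are constructed; the user-writable-directory heuristic is an
assumption of this example, not an indicator taken from the report.
"""
import configparser
import re

# Constructed `reg export` output of a Run key (not taken from the sample).
# One benign entry under Program Files, one entry launching from AppData.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\updater.exe"
"""

# Constructed autorun.inf of the kind a file infector writes to a USB volume.
SAMPLE_AUTORUN_INF = """[autorun]
open=setup.exe
shellexecute=setup.exe
icon=setup.exe,0
label=Backup
"""

# Heuristic (assumption of this example): autostart entries whose executable
# sits in a user-writable directory deserve a closer look.
_USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|programdata|downloads|public)\\", re.I)
_RUN_KEY = re.compile(r"\\Run(Once)?$", re.I)
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
_EXE_TOKEN = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))(?=\s|$)", re.I)


def _reg_unescape(s):
    # .reg files escape a backslash as two backslashes and a quote as \"
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_run_entries(reg_text):
    """Return (key, value_name, command) for every value under a Run/RunOnce key."""
    entries = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or not _RUN_KEY.search(current_key):
            continue
        m = _REG_VALUE.match(line)
        if m:
            entries.append((current_key, _reg_unescape(m.group(1)), _reg_unescape(m.group(2))))
    return entries


def executable_path(command):
    """Program launched by a Run value: the quoted path, or the first token that
    ends in an executable extension (an unquoted path with spaces gets truncated)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = _EXE_TOKEN.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def is_suspicious_autostart(command):
    """True when the autostart executable sits in a user-writable directory."""
    return bool(_USER_WRITABLE.search(executable_path(command)))


def parse_autorun_inf(text):
    """Return the [autorun] section as a dict (keys lower-cased), {} if absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == "autorun":
            return dict(cp.items(name))
    return {}


def autorun_launch_targets(section):
    """The directives that cause execution on mount: open= and shellexecute=."""
    return [(k, section[k]) for k in ("open", "shellexecute") if k in section]


def triage(reg_text, autorun_text):
    """Combine both checks into a list of findings tagged with the ATT&CK ID."""
    findings = []
    for key, name, cmd in parse_reg_run_entries(reg_text):
        if is_suspicious_autostart(cmd):
            findings.append(f"T1547.001 {key}\\{name} -> {executable_path(cmd)}")
    for directive, target in autorun_launch_targets(parse_autorun_inf(autorun_text)):
        findings.append(f"T1091 autorun.inf {directive}={target}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG_EXPORT, SAMPLE_AUTORUN_INF):
        print(finding)
```

To run the registry part against a real host, export the keys with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent) and read the file with `encoding="utf-16"`, since `reg export` writes UTF-16LE with a byte-order mark. One caveat on the autorun.inf check: Windows 7 and later do not honour AutoRun for non-optical removable drives, so an autorun.inf on a USB stick is evidence of spreading intent rather than of guaranteed execution on the next host.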
MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of signatures above that map to it.

  • Initial Access
    Replication Through Removable Media (T1091): 1

  • Persistence
    Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation
    Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion
    Modify Registry (T1112): 1

  • Credential Access
    Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1

  • Lateral Movement
    Replication Through Removable Media (T1091): 1

  • Collection
    Data from Local System (T1005): 1
