General

  • Target

    54550af0f107dde46b51cb0bcd3e7045_JaffaCakes118

  • Size

    6.8MB

  • Sample

    240518-mzd1zsga2x

  • MD5

    54550af0f107dde46b51cb0bcd3e7045

  • SHA1

    a84543ec0d96e0a82751af1a920b44eb0b74ddc2

  • SHA256

    f2c71f3a7ac5f576e69a1c65eaecb7f26261fc47e907e23dc09a36f6bab4af05

  • SHA512

    fcdc87d66b84af95a2df8e4d323f2d3b8bd8011083d2b9c72ae19a35811fe034b7fa1aff7e7e7079eb3b531dd9972c79cbe97575ad4a0053c61772de20555f03

  • SSDEEP

    98304:FlerjesRJ8YQU/81L/5wQQ2qxV5qdO7jz2:urj578YQZ1LD+So7m
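
The hashes above are the indicators a responder actually reuses: the block below is an added example (not code from the sandbox or from the sample) that hashes a file with all four algorithms in one streaming pass and reports which of the report's values it matches. The report hashes are copied from the page; every byte string hashed in the demonstration is constructed, so nothing here is the sample itself.

```python
"""Match a file against the hashes a sandbox report publishes.

Added example for the hash indicators above; it is not code from the sandbox
or from the sample. The four report hashes are copied from the page; every
input byte string used below is constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
from pathlib import Path
from typing import Iterable

# Indicators copied from the report. Keys are hashlib algorithm names.
REPORT_HASHES = {
    "md5": "54550af0f107dde46b51cb0bcd3e7045",
    "sha1": "a84543ec0d96e0a82751af1a920b44eb0b74ddc2",
    "sha256": "f2c71f3a7ac5f576e69a1c65eaecb7f26261fc47e907e23dc09a36f6bab4af05",
    "sha512": (
        "fcdc87d66b84af95a2df8e4d323f2d3b8bd8011083d2b9c72ae19a35811fe034"
        "b7fa1aff7e7e7079eb3b531dd9972c79cbe97575ad4a0053c61772de20555f03"
    ),
}


def digests_from_chunks(chunks: Iterable[bytes]) -> dict[str, str]:
    """Hash a stream once with every algorithm the report lists.

    Feeding every hasher from the same chunk loop reads the input exactly
    once and keeps memory flat for a 6.8 MB sample or a far larger one.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict[str, str]:
    """Convenience wrapper for data already in memory."""
    return digests_from_chunks([data])


def digest_file(path: str | Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Hash a file on disk in 1 MiB chunks."""
    def chunks():
        with open(path, "rb") as fh:
            while block := fh.read(chunk_size):
                yield block
    return digests_from_chunks(chunks())


def matches(found: dict[str, str],
            indicators: dict[str, str] = REPORT_HASHES) -> dict[str, bool]:
    """Per-algorithm comparison, case-insensitive, because reports and
    tools disagree on hex case."""
    return {
        name: found.get(name, "").lower() == value.lower()
        for name, value in indicators.items()
    }


def is_known_sample(found: dict[str, str],
                    indicators: dict[str, str] = REPORT_HASHES) -> bool:
    """Treat a SHA-256 match as identity. MD5 and SHA-1 are collision-prone
    and only corroborate: a file matching them but not SHA-256 deserves a
    look, not trust."""
    return matches(found, indicators)["sha256"]


def scan_directory(root: str | Path) -> list[Path]:
    """Every regular file under root whose SHA-256 matches the report."""
    return [p for p in Path(root).rglob("*")
            if p.is_file() and is_known_sample(digest_file(p))]
```

Point `scan_directory` at a quarantine or share to find copies of this sample; `matches` gives the per-algorithm view when a feed only carries an MD5 or SHA-1 and you need to know which hash actually agreed.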

Targets

    • Target

      54550af0f107dde46b51cb0bcd3e7045_JaffaCakes118


    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it writes its own code into other executables so that each infected program becomes a new carrier and spreads the infection further.

    • Reads user/profile data of web browsers

      Information stealers commonly read browser profile stores, which hold saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops autorun.inf file

      A malicious autorun.inf written to a removable or mapped volume abuses Windows AutoRun so the payload launches when the volume is opened on another host, spreading the infection.

    • Drops file in System32 directory
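
To triage the autorun.inf behaviour flagged above, a responder wants to know exactly what the dropped file would execute. The block below is an added example (not code from the sandbox, and not recovered from the sample) that parses an autorun.inf, pulls out every program the `open`, `shellexecute` and `shell\<verb>\command` keys would launch, and gives plain-language reasons to flag it. The autorun.inf text it parses is constructed to show the keys a worm typically uses.

```python
"""List what a dropped autorun.inf would launch.

Added example for the "Drops autorun.inf file" signature above; it is not
code from the sandbox or recovered from the sample. The autorun.inf text is
constructed to show the typical keys a worm uses.
"""
from __future__ import annotations

import configparser
import re

# Keys in the [autorun] section whose value is a command Windows would run
# when the volume is opened or AutoPlay acts on it.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command=... defines context-menu verbs; "shell=<verb>" makes
# one of them the default double-click action.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample autorun.inf, not the sample's own.
SAMPLE_AUTORUN = """\
[AutoRun]
open=RECYCLER\\svchost.exe
shellexecute=setup.exe /s
shell\\Open\\command=RECYCLER\\svchost.exe
shell=Open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def command_image(value: str) -> str:
    """Return the program part of a command line (respecting a quoted path)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def launch_targets(text: str) -> list[str]:
    """Distinct programs the file would execute, in the order they appear."""
    # strict=False tolerates the duplicate keys hand-written worm files carry;
    # interpolation=None keeps %SystemRoot%-style values from tripping the parser.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    targets: list[str] = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            # configparser lowercases keys, so match case-insensitively.
            if key.lower() in LAUNCH_KEYS or SHELL_COMMAND.match(key):
                image = command_image(value)
                if image and image not in targets:
                    targets.append(image)
    return targets


def suspicious_reasons(text: str) -> list[str]:
    """Human-readable reasons a defender would flag this autorun.inf."""
    reasons: list[str] = []
    for image in launch_targets(text):
        lowered = image.lower()
        if lowered.endswith(EXEC_EXTENSIONS):
            reasons.append(f"launches executable {image}")
        if lowered.startswith(("recycler", "recycled", "$recycle.bin")):
            reasons.append(f"payload hidden in recycle-bin path {image}")
    return reasons


if __name__ == "__main__":
    for reason in suspicious_reasons(SAMPLE_AUTORUN):
        print(reason)
```

Run `launch_targets` over the autorun.inf the sandbox dropped to get the on-volume path of the payload, which is the file to hash and compare against the report; a benign autorun.inf that only sets `icon` or `label` yields an empty list.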

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                              ID          Count
  Initial Access        Replication Through Removable Media    T1091       1
  Persistence           Boot or Logon Autostart Execution      T1547       1
                        Registry Run Keys / Startup Folder     T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
                        Registry Run Keys / Startup Folder     T1547.001   1
  Defense Evasion       Modify Registry                        T1112       1
  Credential Access     Unsecured Credentials                  T1552       1
                        Credentials In Files                   T1552.001   1
  Lateral Movement      Replication Through Removable Media    T1091       1
  Collection            Data from Local System                 T1005       1
