General

  • Target

    09f52e74ccd9cf04bd8b4932824c7d6b_JaffaCakes118

  • Size

    40KB

  • Sample

    240620-2wrj8swakk

  • MD5

    09f52e74ccd9cf04bd8b4932824c7d6b

  • SHA1

    bee28a9ce02fcbe02c95dd0c478d78c27b143572

  • SHA256

    2730caff8adc99beadc2a19c9d417d3a8b785f17ce63fababa4332f2c0b1db1f

  • SHA512

    201a35dd27616183b7b507a63604e0c6f783134a128ad723f6e34d2e1d45d4d16d37c744ae052ecaa48a850463edac6fb7b61e320bb636cfbc9a2de108f2edd2

  • SSDEEP

    768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC

Malware Config

Targets

    • Target

      09f52e74ccd9cf04bd8b4932824c7d6b_JaffaCakes118

    • Neshta

      Malware in the Neshta family infects other executable files in order to spread itself and cause damage.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    T1546 Event Triggered Execution (1)
    T1546.001 Change Default File Association (1)

  • Privilege Escalation

    T1546 Event Triggered Execution (1)
    T1546.001 Change Default File Association (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Credential Access

    T1552 Unsecured Credentials (1)
    T1552.001 Credentials In Files (1)

  • Collection

    T1005 Data from Local System (1)

Tasks