General
-
Target
08297c1b9d19622604158a87c40ae51d_JaffaCakes118
-
Size
157KB
-
Sample
240620-vwlwesyerc
-
MD5
08297c1b9d19622604158a87c40ae51d
-
SHA1
59d5dece5f4a58bdf66c0122ec557c2873894467
-
SHA256
7b27d574844953409433e57db72deefaeb1f8ad1bf4cc249884db6590848b832
-
SHA512
a0feff3276c535af4e6fb12b697fb3604159ae0dc4be556a95e5300f918336597b4b649c19165862cfd296fa8ef308f1de2feed47d7aeccabd821f1aacedab82
-
SSDEEP
3072:sr85CSFVYkEMgapb1ilXdcfQD4KbfvL0xrE05OaLRF8eYRC:k9S5/GXdcfQDnvop9YgR+el
Behavioral task
behavioral1
Sample
08297c1b9d19622604158a87c40ae51d_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
08297c1b9d19622604158a87c40ae51d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
08297c1b9d19622604158a87c40ae51d_JaffaCakes118
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Event Triggered Execution: 1
Change Default File Association: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1