General

  • Target: 0b0b25607d239b7d384d6205d0add587_JaffaCakes118
  • Size: 40KB
  • Sample: 240621-m9fbssxcmb
  • MD5: 0b0b25607d239b7d384d6205d0add587
  • SHA1: 4fd2bc71c4140cd226fff2d5df8b7164d67cc272
  • SHA256: 25ae4e49bbd42f93942e1d1260d5c4af81a577790b126f779120eac55a014d5f
  • SHA512: d991e425de44abbe2894998593c17def50cdae1c883fe0158ccd1d888bb6cd0cb5ddd5dd77ee757c61349d4fe6cea7ac0023728da57159224b1529f80ea7d12b
  • SSDEEP: 768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC

Malware Config

Targets

    • Target: 0b0b25607d239b7d384d6205d0add587_JaffaCakes118


    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic               | Technique                       | Count | ID
---------------------|---------------------------------|-------|----------
Persistence          | Event Triggered Execution       | 1     | T1546
Persistence          | Change Default File Association | 1     | T1546.001
Privilege Escalation | Event Triggered Execution       | 1     | T1546
Privilege Escalation | Change Default File Association | 1     | T1546.001
Defense Evasion      | Modify Registry                 | 1     | T1112
Credential Access    | Unsecured Credentials           | 1     | T1552
Credential Access    | Credentials In Files            | 1     | T1552.001
Collection           | Data from Local System          | 1     | T1005

Tasks