General

  • Target

    52e7f5d461d1dd7c17ebf44bf1f44cb1_JaffaCakes118

  • Size

    95KB

  • Sample

    240717-pak44ssgrb

  • MD5

    52e7f5d461d1dd7c17ebf44bf1f44cb1

  • SHA1

    75cc9711df9a70ebcaead26f3f45d8d23d0f2c78

  • SHA256

    1e532518f8c549eb15c8567dbd8ba3be9bac8067e51921802b70d60c7d155be7

  • SHA512

    06c9b08fd9c6a4a30847aef61e87f3f809b369914b29cc565af9ecfc32cb6f418a2e02105ef8b06ba7c146c5be6bc07e76797c3ed6bd3883848e91f98842e468

  • SSDEEP

    1536:JxqjQ+P04wsmJCPqo60nG/7zcVTqbAR20rv7ggIoWP+i6f1OsLUHOlgmE:sr85CPz60nCDS71IoWP+i6f1OsN2mE

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks