General

  • Target

    53fbc1ac483384fc48ff96ba18cd1863_JaffaCakes118

  • Size

    768KB

  • Sample

    240717-vsmzbatfjg

  • MD5

    53fbc1ac483384fc48ff96ba18cd1863

  • SHA1

    736bb4ba9a357efde6841ae5b25306419ad0cb7c

  • SHA256

    36edbc4e966424d2b982b347ecbdbe2d8b218e41d540cb9e06d8b4ca24d09620

  • SHA512

    00d8ef73a2fcfe9a9a384cdf3d34d70ccdec0094b132d0e40e4b8debf7233ebc1f238f3d220ef65239014ddb5c6a1139366933e3e409d2835c9bded4078ffb3e

  • SSDEEP

    24576:afKb+GlrPj37VzHEA6B3vDaCCGkJ/bcXExy4V:aCtrPj37VzHEA6B/tCGAVR

Targets

    • Target

      53fbc1ac483384fc48ff96ba18cd1863_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
