General

  • Target

    57ad762a05dce31095fe33855a418707_JaffaCakes118

  • Size

    499KB

  • Sample

    240718-q9wwbs1fqq

  • MD5

    57ad762a05dce31095fe33855a418707

  • SHA1

    b08a6b87f438000102555a7884ae3229bd1a4559

  • SHA256

    244c29ffd593afb68cace808aa94cc998b2ecff9b0ac0ff7da0896a652452420

  • SHA512

    02dd291e18c23a03d05698b7b730c3bb22014c45c6c410c0f76cbd133c433286c5226c9c45724f93fa6b97652f8646bd70b0dc6fa8b75ca89d040b5d0ff1a2b6

  • SSDEEP

    3072:sr85CioXlY7b55h8WLw/a0t6Mdt33C846aazH1irw8jh:k9iqY7Y6MA6NVirw8t

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
