General

  • Target

    57cb46a1ada74a0b0560cf3a2a2740f3_JaffaCakes118

  • Size

    388KB

  • Sample

    240718-rymc7asfqr

  • MD5

    57cb46a1ada74a0b0560cf3a2a2740f3

  • SHA1

    768837d5c015beda855a4cad84488f7026c0892b

  • SHA256

    7c8e34822e062a4fb7dd9349caf89ba97f3eff3863629e38291586ec1828f1d7

  • SHA512

    d49e19cbf21e3d57c73cdd45847c35d89d55f8f5b440eed95fb3c510f6344941595210ecd8254eb06ebdc8683b2c8648e683c779acbafe2216dd46189dd7a2f7

  • SSDEEP

    6144:k91oHq1KZe75Q8QbpkirLauxyxPS5djYQ/MVCCkmmf3sAdWFaNIzBfv:O8W8NIRv

Targets

    • Target

      57cb46a1ada74a0b0560cf3a2a2740f3_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
