General

  • Target

    581794cf2bc37fcec160898595045aa5_JaffaCakes118

  • Size

    445KB

  • Sample

    240718-thzdxsygrb

  • MD5

    581794cf2bc37fcec160898595045aa5

  • SHA1

    a9930c63db79298fb1ee45cd8d10163f83e700d4

  • SHA256

    b8cef5d8e3fbc1e004022c624860c67d039bda15d6c1817b710cd20051d850d1

  • SHA512

    a636a393bd629e98b9a1802999f795fdd9deb21ccffa99008c951d07140d4b06d4b3dbbaec524e0ec4c9a9c6ff3a37f645c694ef311d101694f3b60218ee5c61

  • SSDEEP

    3072:zr8WDrCu4FO8o/0XcHztMPxXBQaooCRXFLOU0jX3FO8o/0XcHztMPxXBQaoo2a1:PuA8ocMWGx8ocMWB

Targets

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other data.
