General

  • Target

    5903b8dcae2cc721a8745e1e63929675_JaffaCakes118

  • Size

    235KB

  • Sample

    240718-zmgbsswarn

  • MD5

    5903b8dcae2cc721a8745e1e63929675

  • SHA1

    a4dc73ba87196d55a3cb1ee13f62e8b43049848b

  • SHA256

    a9a369c075b8473f5010971439f22bb4af8d57afb5408b0063ca375134fd45db

  • SHA512

    84b797583f1e30473b5a097a70987f6aa52dc4592a7ce1f176ce2acd3fd650ac3140d6cb63afb8e1f25000d8fdd7b26e222699f55a9abe5116a9a423b8bdc842

  • SSDEEP

    6144:k9fnBCY0z7yBxt8HLVCs+bte/hD8ApH8Apv:iBFoyq5+GhIApcApv

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
