General

  • Target

    5c3d33d53dfa8817a57741950e667fb3_JaffaCakes118

  • Size

    134KB

  • Sample

    240719-ra1wnsvclr

  • MD5

    5c3d33d53dfa8817a57741950e667fb3

  • SHA1

    06d10a88f4131fdb4d753d3a2ca831bb33c807d8

  • SHA256

    185495b1bde39986af2ddf22416b498cce577ab19905c6f15af3329136b9a6f6

  • SHA512

    6227b347d9763093f1ecf278f5785a137f9638a9054a7dd8c1b5e29b6f6ac3dffc46e83255c9476bf616883aa60c46c51b6c1cb43ecbe414b1e876f26eb04488

  • SSDEEP

    1536:JxqjQ+P04wsmJCAswC2jItkyCZxX2W+1Q7O4qwGBQxTL4lwtUgS9nWRBXLBYHSNt:sr85CcRZxv+1Q76tQxfsaq0XLIu1

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks