General

  • Target

    5c93df1ebdaac1b44ca8d511f002a3be_JaffaCakes118

  • Size

    436KB

  • Sample

    240719-s5dkas1hnf

  • MD5

    5c93df1ebdaac1b44ca8d511f002a3be

  • SHA1

    b3c9582130e0a143ebb0ade50cf343a2f361e711

  • SHA256

    850584ec9faf4da3b2bac0b5d66829ae55527fbdb7d4268109d6da9968dbe411

  • SHA512

    3089bde8444eca475fce522907ea7fa1a542dd7b45006bbe9ebaab98b14deb3b8863f5c01e00a6d54e8964276dfa500560e62bb946199dc7f50a655183506ee4

  • SSDEEP

    12288:4mOCjTeoelU5wJwpZyJ9WwINR7AVpotED:5OCjOlUe469WBypotE

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects its own code into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
