General

  • Target

    5d71ad0cb7c4dc3ab6e6f3b25a163544_JaffaCakes118

  • Size

    252KB

  • Sample

    240719-ynb8ss1ame

  • MD5

    5d71ad0cb7c4dc3ab6e6f3b25a163544

  • SHA1

    fb5a12448be3651831a503856987027d16eebd88

  • SHA256

    4c5b1e80113b73b05e346dfa90b25853bed3c9ac13107ea0fcd33ce61b3c10ff

  • SHA512

    a932ac306a719067587df6759cc57e44b8e504ad29783963ff050d0a5dbd06f24cd33aa274d96888eb46790a3ebc407ec288162e2418912e6220464461c02f0b

  • SSDEEP

    6144:k9EJHUfuAgHZQ9H2TE/PgsOk3l+Augw3a:gPwZQxsE/P2Xgw3a

Targets

    • Target

      5d71ad0cb7c4dc3ab6e6f3b25a163544_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
