General

  • Target

    6a873948ba1f076a4e351d40ad3755dd_JaffaCakes118

  • Size

    153KB

  • Sample

    240724-gx225svdrf

  • MD5

    6a873948ba1f076a4e351d40ad3755dd

  • SHA1

    b2a8377d28a3d29a07a498e565630e273a4998a1

  • SHA256

    928bf5badc33905cd101c9437043a9dd115a8e1dfcde0171f948f0496b82165a

  • SHA512

    1cef4669fda78f94da773599adde2c9df508177a7be579ed24b1905ebd9c36160b0e62263191669bbaecf31f1dd15838d4102bbc0462d8fafbd4538313ec753b

  • SSDEEP

    3072:Rr8WDrCr4AN+ptFDmtuZ2PM2MtouzBYWa:tur4AN+rEPsv2Wa

Malware Config

Targets

    • Target

      6a873948ba1f076a4e351d40ad3755dd_JaffaCakes118

    • Size

      153KB

    • MD5

      6a873948ba1f076a4e351d40ad3755dd

    • SHA1

      b2a8377d28a3d29a07a498e565630e273a4998a1

    • SHA256

      928bf5badc33905cd101c9437043a9dd115a8e1dfcde0171f948f0496b82165a

    • SHA512

      1cef4669fda78f94da773599adde2c9df508177a7be579ed24b1905ebd9c36160b0e62263191669bbaecf31f1dd15838d4102bbc0462d8fafbd4538313ec753b

    • SSDEEP

      3072:Rr8WDrCr4AN+ptFDmtuZ2PM2MtouzBYWa:tur4AN+rEPsv2Wa

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks