General
-
Target
6b7b7e02845dcf494ba7d863d2c6f405_JaffaCakes118
-
Size
131KB
-
Sample
240724-n5574avejj
-
MD5
6b7b7e02845dcf494ba7d863d2c6f405
-
SHA1
25d6ddc32befca306701035812aab38a274d9602
-
SHA256
dd7ca7da28e22a79895bfefd918e85fe6db830176b08eb541814cdae9e7ec5bc
-
SHA512
a8520052506b15691a9280d081e3ffaead8cca438d45b45d24f22c65ff73bb81122247cf9f93d0739c71f346bec8ce3c2ad7f1f33b5fa6baab657ebe1d4c7cd4
-
SSDEEP
1536:JxqjQ+P04wsmJCRIK5X6nh8O5h7i57m8P1GvBstWOI57zZiADyya8utKfBi2iDXm:sr85CRynWOEHastWPidyFutM02/
Behavioral task
behavioral1
Sample
6b7b7e02845dcf494ba7d863d2c6f405_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
6b7b7e02845dcf494ba7d863d2c6f405_JaffaCakes118
-
Size
131KB
-
MD5
6b7b7e02845dcf494ba7d863d2c6f405
-
SHA1
25d6ddc32befca306701035812aab38a274d9602
-
SHA256
dd7ca7da28e22a79895bfefd918e85fe6db830176b08eb541814cdae9e7ec5bc
-
SHA512
a8520052506b15691a9280d081e3ffaead8cca438d45b45d24f22c65ff73bb81122247cf9f93d0739c71f346bec8ce3c2ad7f1f33b5fa6baab657ebe1d4c7cd4
-
SSDEEP
1536:JxqjQ+P04wsmJCRIK5X6nh8O5h7i57m8P1GvBstWOI57zZiADyya8utKfBi2iDXm:sr85CRynWOEHastWPidyFutM02/
-
Detect Neshta payload
-
Modifies firewall policy service
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6Pre-OS Boot
1Bootkit
1