General

  • Target

    6ee2ea6f59731683a9e25f54547a67d9_JaffaCakes118

  • Size

    406KB

  • Sample

    240725-kqf3wasbpb

  • MD5

    6ee2ea6f59731683a9e25f54547a67d9

  • SHA1

    fd9feb78407c0868cd1b2bccfcc5f971624d6869

  • SHA256

    ab720e78e015dcbed2130d8eb150b383cde885101c8ef77cc4b7d5eb631afc95

  • SHA512

    f8ef83ec58072b96159579a6c0df9706e035d171c5c79e4d34217f016ba0fdc396a75f6b9e79a25fcf19a8fdb57617e521bbd2c0148637ffc5a2b1a62b6bbbfb

  • SSDEEP

    12288:iM5Z5XHwddPH53uGFwL2aT9C/iF9JQvnaF:h5Z5XQddPH53uWaTDavnaF

Targets

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
