General

  • Target

    c8048ddbfd3d1348d7ef8e0ec020c288_JaffaCakes118

  • Size

    649KB

  • Sample

    240829-b59jasyhqq

  • MD5

    c8048ddbfd3d1348d7ef8e0ec020c288

  • SHA1

    f39cabb2f3fe44a36dfe068baa2c3772dde9f9c2

  • SHA256

    396aa072678e0b9b2275c71c03d2a5eb00eef447d994df69c4e028ea8d565c93

  • SHA512

    22e5f9be631b64e2d5c9c41ea0e9de9060345af2f875381be160d47e65925d296b43d15afbb13e84d5d8e80c2b98e691f24fa95266e0b3b6bd3b64c33633f161

  • SSDEEP

    12288:3fdHJY7l+HXNvqYU/gAhmud5Jsy67JBOvYsaKPuAWr2FOTv:vdHqEX1prAh5dgBOvYs3er2FGv

Targets

    • Target

      dÖrk/._cache_dÖrk.exe

    • Size

      370KB

    • MD5

      be182cce813f062b70f82c8db420ba5d

    • SHA1

      9124e25e634ddc06d2353a2179f15e54cdb6e336

    • SHA256

      c4d796ad6a32473e4c99eedc351314e569500ab975e720c26ce5f15956b078a6

    • SHA512

      169ad660fc2bdec96691042f83dd5c5bf4bc60ef32a36e96aad5f21eeb0f5785dfbf2be58e5f8f0bc7a7b2cfb964d77fe429ae8ae682b30bd2b13e70979ef319

    • SSDEEP

      3072:sr85C9IYKyfeKNCxTIGR23KM23KM23KE23KwCljPiCunmnfOqdl0/Thq4ad2:k99II4wKCunyftlwpD

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      dÖrk/dÖrk.exe

    • Size

      1.9MB

    • MD5

      84990940b8776147b3719a502e1f1206

    • SHA1

      7a969717fe466f3a152c84b7c8b5d972f31bb052

    • SHA256

      f13f23ad1d3de82ea36158ccc5d626829d1eaa6776dfa2eac7884aa9d4734bb7

    • SHA512

      a700a708cab2cf011dcfb3dcd4136cb78c33822d4f43a54a349b1008d8659ac1f3b41a6ec332f5bf1b623900ff48835472242d35e921f36c3f99742f2a6a44d3

    • SSDEEP

      24576:mJ39LyjbJkQFMhmC+6GD98J39LyjbJkQFMhmC+6GD98iG1nLn9:mHyjtk2MYC5GDaHyjtk2MYC5GDOvnLn9

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application
