neshta | f0f02bd33c34570b641fda56f5452f98_JaffaCakes118 | Triage

Sharing

General

Target

f0f02bd33c34570b641fda56f5452f98_JaffaCakes118
Size

247KB
MD5

f0f02bd33c34570b641fda56f5452f98
SHA1

71090aecf0184950c934d323af59f34a2ba58248
SHA256

5ef585d96c5e3b0413a90df2a01b44251f4d5759c2236ae7042f6aa211276c8b
SHA512

3248a2f7299e09e76853645ae4f013eea3c59c67ba9f4b4dbaf68dfa10d75755bc98eb3af5e34e7d03965f400d74734b0084e7353819537b91724bbc68ba2a92
SSDEEP

3072:sr85CIyy2RjLTuVyu7CJDgoMT3QLOoBB2W5LFrb30BRtBZZg+i2QLFrb30BRtBZ5:k9ny2RsQJ8zgLOYBFJ0BXScSJ0BXScv

Score

10^/10

neshta sodinokibi

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta
Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0f02bd33c34570b641fda56f5452f98_JaffaCakes118

Files

f0f02bd33c34570b641fda56f5452f98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ