General

  • Target

    0d0c3910fb6d9cf64e3c691a351a9d1d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241003-ajcrrsvaln

  • MD5

    0d0c3910fb6d9cf64e3c691a351a9d1d

  • SHA1

    38c7b3d262859176c3152f3db83af88d35649196

  • SHA256

    9152b52c299e807562c96707c16606f22f49c5ef3fd027ac2ba2d31686a650c1

  • SHA512

    679969500d8a40cd4a99e4db1a22458774fe48fdfd817e94ee56af2020d4706c0cf4d1bcc52a5e9818194e51de4f7fdc65a3e11c6b5aaed13361f7a47cbab317

  • SSDEEP

    24576:GEVdWKs0KRLZQ22Z5SEaa2Hm58axYFIxIGb55E:GsctRL2JZ5p58axYFIxIL

Targets

    • Neshta

      Malware from the Neshta family infects other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
