Overview

overview

10

Static

static

3

32108bd271...18.exe

windows7-x64

10

32108bd271...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32108bd2710ad6e446e2a9ae7c56bff6_JaffaCakes118

  • Size

    364KB

  • Sample

    241010-2c4epavfrp

  • MD5

    32108bd2710ad6e446e2a9ae7c56bff6

  • SHA1

    7eec7141af3bfc04af9017d2259f4115916a56ee

  • SHA256

    938a4f66e8d694b129da1443341cdb731d9d6d8410d4d8ca90700b76f9e0e719

  • SHA512

    3a7cb00bd8718eb524f321bb5e5cf403f9a546de1c56bed105a88f6dbc273914e7463942db05164d2a3d4c8001c2821cbd8c35fae65c4b5c0d7ccf62545be316

  • SSDEEP

    6144:PuqgQ/Y2iY1fHAmRd3VVdqM182P906ZY94NGTuq:xxx1fgm7VVUMDVI9O

Score
10/10
neshtaadwarediscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      32108bd2710ad6e446e2a9ae7c56bff6_JaffaCakes118

    • Size

      364KB

    • MD5

      32108bd2710ad6e446e2a9ae7c56bff6

    • SHA1

      7eec7141af3bfc04af9017d2259f4115916a56ee

    • SHA256

      938a4f66e8d694b129da1443341cdb731d9d6d8410d4d8ca90700b76f9e0e719

    • SHA512

      3a7cb00bd8718eb524f321bb5e5cf403f9a546de1c56bed105a88f6dbc273914e7463942db05164d2a3d4c8001c2821cbd8c35fae65c4b5c0d7ccf62545be316

    • SSDEEP

      6144:PuqgQ/Y2iY1fHAmRd3VVdqM182P906ZY94NGTuq:xxx1fgm7VVUMDVI9O

    Score
    10/10
    neshtaadwarediscoverypersistencespywarestealer

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks