General

  • Target

    3211fb257bb634726e4897f65477708b_JaffaCakes118

  • Size

    297KB

  • Sample

    241010-2dzswsvgkr

  • MD5

    3211fb257bb634726e4897f65477708b

  • SHA1

    5cc6d72aaa4b986e3c3447b4d32468a4353902aa

  • SHA256

    961fcc4c0b3ca9d9f553d39227ca0629cc01f3eab3bf681c1644f9134f184727

  • SHA512

    ae3f06d9e430c8e349883eadd47568b70c4cc20ca84aa0e98c249ebf4e3160766ab59ea7f659b761de39498a802f4954c6e621805ff48df98a3df29361b0982e

  • SSDEEP

    6144:PuivkfYlPm3zKJbTP+W0aHwpALVWrRmyEu:Bg92TWW0WwO5WU

Targets

    • Target

      3211fb257bb634726e4897f65477708b_JaffaCakes118

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
