General

  • Target

    437d7951842eadb174936ad112557c14_JaffaCakes118

  • Size

    266KB

  • Sample

    241014-wmshaascpq

  • MD5

    437d7951842eadb174936ad112557c14

  • SHA1

    b07b3a263589e5e231638961aa410704564fe47d

  • SHA256

    ea03e21da75460f8b20f6f9807b9b414217ba77741505f4eb4ba269892c78b92

  • SHA512

    8cf4a8ce9c7c568cfdcdf740a4e49adcb883d889b5bd2c6244212f7030511a49b491e131bf21dff540a4f5a1b2c81821ae3dbcc2016c2f1149ccce6425dc896f

  • SSDEEP

    3072:zr8WDrCLvVOlOz+KjFmBCMj1CUd9ysqYaJsoRSTd1T2R2wFt:PuzKt97aJsg3

Targets

    • Target

      437d7951842eadb174936ad112557c14_JaffaCakes118

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
