Overview

overview

10

Static

static

3

4bbbf95d1e...18.exe

windows7-x64

10

4bbbf95d1e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bbbf95d1e9e08e941793d09025b64ba_JaffaCakes118

  • Size

    960KB

  • Sample

    241016-g3lmca1dlr

  • MD5

    4bbbf95d1e9e08e941793d09025b64ba

  • SHA1

    f7daf40baa402ac821da552e523b6cf320fbb0a8

  • SHA256

    f7260b1a600e49566d16d95e98011a1530bda3eecc47cc1c4b37af3403b2e0af

  • SHA512

    a7e52d2f0f62ed4626fc1f9c81058d102a61114e7fbacec8d78b41c7b69e8d72f1721a44c66d03659a8c19fc161dc4ba025305a9f97b65c5b0d1a49cf88d90a2

  • SSDEEP

    24576:4wOLewpgW2Ie1HcRAVJlI7P6VBeMMMMMMmrv:4DiwpgQLRAVJcCVAMMMMMMmrv

Score
10/10
neshtadiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      4bbbf95d1e9e08e941793d09025b64ba_JaffaCakes118

    • Size

      960KB

    • MD5

      4bbbf95d1e9e08e941793d09025b64ba

    • SHA1

      f7daf40baa402ac821da552e523b6cf320fbb0a8

    • SHA256

      f7260b1a600e49566d16d95e98011a1530bda3eecc47cc1c4b37af3403b2e0af

    • SHA512

      a7e52d2f0f62ed4626fc1f9c81058d102a61114e7fbacec8d78b41c7b69e8d72f1721a44c66d03659a8c19fc161dc4ba025305a9f97b65c5b0d1a49cf88d90a2

    • SSDEEP

      24576:4wOLewpgW2Ie1HcRAVJlI7P6VBeMMMMMMmrv:4DiwpgQLRAVJcCVAMMMMMMmrv

    Score
    10/10
    neshtadiscoverypersistencespywarestealer

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks