General

  • Target

    4e9595cc6fdc6b91f8bbac5a85c706fe_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241016-x2arfs1eqq

  • MD5

    4e9595cc6fdc6b91f8bbac5a85c706fe

  • SHA1

    3d3a7715608c6c2b260f171289007738b53bc182

  • SHA256

    74c0f9aa5c72208dbc2a0503390ffaeb795cea3c02ff1d8444a8ec9355c1bd4d

  • SHA512

    bac7bb0b5bfff2096b4659e866a3580aeeb6d249a0b69815dbe0075391f1d98a7a4d6b9c69e37c4d53a4b577b638305a4b379e28792ccac4fab8f81052b2473b

  • SSDEEP

    24576:Eml4utdxWeUzKD3Hivk4VqA3EbpWTf5RwajTgaKQb+hFX8FXf:EYxLF3Cvk4DEbETf3TgaHKhFX8FXf

Targets

    • Target

      4e9595cc6fdc6b91f8bbac5a85c706fe_JaffaCakes118

    • Neshta

      Malware from the Neshta family is designed to infect other files with its own code in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and more.
