Extracted

• • Target

    6fdfb8407daac12d4a0d76a034e56c29_JaffaCakes118

  • Size

    140KB

  • MD5

    6fdfb8407daac12d4a0d76a034e56c29

  • SHA1

    c0adfa4bb677b78e797638b0ca3f998f60aedf81

  • SHA256

    d6580144fbbb3fe87122ec76ffb50a9d3d49bf3cfad7afe2abb2426eaaad6e50

  • SHA512

    32d050a838865fdf174c3651ea153d5c8043fb8c41120d0c9383d8eb1328961260bf5eebfb037255b10075f1b1d57ced2da5bd922d60813ed9aed6671aded649

  • SSDEEP

    3072:sr85CrIlhaw/ZOcHKArV2vA4hUXXwhHCS:k9S7/8cHKAR34hIAH

  Score

  10^/10

  neshtasalitybackdoordiscoveryevasionpersistencespywarestealertrojanupx

  • Detect Neshta payload

  • Modifies firewall policy service

    evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2