General

  • Target

    79d3308bc1a57677e7939d85950f14bd_JaffaCakes118

  • Size

    188KB

  • Sample

    241028-qk5ryazhkl

  • MD5

    79d3308bc1a57677e7939d85950f14bd

  • SHA1

    7917220ee59b30d8be728f3542c866b678b77094

  • SHA256

    6c040e7ba3738791a8fe02aeac79daf54aec69e0e336abf0caef3042b998281e

  • SHA512

    0d66dfd7edab6b1d53e33c79a10e71205acfee642f0d73bed9721f593b946268f7d5d96d7861b62aae5ee5409e1f180bb5225ad0f346a8297a8695b7615005ca

  • SSDEEP

    3072:zr8WDrCfAD8v1agWBMNCJBA2U39nHQ3CgLNy+NGCpE0WmkN5OAM:PufCmatMNeCgLNyJmkNoAM

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
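The extracted config says the payload is wrapped in Metasploit's x86 call4_dword_xor encoder: a 24-byte decoder stub that learns its own address with `call $+4`, then XORs the body one dword at a time with a single 4-byte key. What follows is an added example, not code from this report or from Metasploit. It assumes the stub layout of the public encoder module in its short form (`sub ecx, imm8`, so at most 128 dwords); bad-character constraints can make Metasploit emit a different `sub` encoding that this pattern will not match. The payload bytes are a constructed stand-in, not shellcode from the sample; a real run would feed the dumped region that contains the stub.

```python
import re
import struct

# Decoder stub layout assumed from Metasploit's public x86/call4_dword_xor encoder.
#   31 c9                 xor  ecx, ecx
#   83 e9 NN              sub  ecx, -count          (NN = -count as a signed byte)
#   e8 ff ff ff ff        call $+4                  (lands on the last ff byte)
#   ff c0 / 5e            inc  eax / pop esi        (esi = stub+10, the return address)
#   81 76 0e KK KK KK KK  xor  dword [esi+0x0e], key  ([stub+24] = first payload dword)
#   83 ee fc              sub  esi, -4
#   e2 f4                 loop                      (back to the xor)
STUB_RE = re.compile(
    rb"\x31\xc9\x83\xe9(.)\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(.{4})\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)


def _xor_dwords(data: bytes, key: int) -> bytes:
    """XOR whole little-endian dwords of data with key; the stub never touches a partial dword."""
    usable = len(data) - len(data) % 4
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, usable, 4)
    )


def encode_call4_dword_xor(payload: bytes, key: int) -> bytes:
    """Build stub + encoded body the way the encoder does (short-form count, 1..128 dwords)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    count = len(padded) // 4
    if not 1 <= count <= 128:
        raise ValueError("short-form sub ecx, imm8 only covers 1..128 dwords")
    stub = (
        b"\x31\xc9\x83\xe9" + struct.pack("b", -count)
        + b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e" + struct.pack("<I", key)
        + b"\x83\xee\xfc\xe2\xf4"
    )
    return stub + _xor_dwords(padded, key)


def decode_call4_dword_xor(blob: bytes):
    """Find the stub anywhere in blob; return (stub_offset, key, decoded_payload) or None."""
    m = STUB_RE.search(blob)
    if m is None:
        return None
    count = -struct.unpack("b", m.group(1))[0]       # stub stores -count
    key = struct.unpack("<I", m.group(2))[0]          # key is packed little-endian ('V')
    body = blob[m.end():m.end() + 4 * count]          # body starts right after the 24-byte stub
    return m.start(), key, _xor_dwords(body, key)


# Constructed stand-in for a payload (not shellcode, not from the sample): 26 bytes -> 7 dwords.
SAMPLE_PAYLOAD = b"constructed-payload-bytes!"
SAMPLE_KEY = 0xDEADBEEF
# 16 bytes of constructed header junk in front, as a dumped region would have.
SAMPLE_BLOB = b"MZ\x90\x00" + b"\x00" * 12 + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY)

if __name__ == "__main__":
    off, key, dec = decode_call4_dword_xor(SAMPLE_BLOB)
    print(f"stub at +{off}, key 0x{key:08x}, decoded {len(dec)} bytes: {dec!r}")
```

The match on the full stub, rather than on the `81 76 0e` opcode alone, keeps false positives down when the regex is run over a whole process dump; the count byte then tells you exactly how much of what follows was encoded, so the decoded region can be carved and handed to a disassembler.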

Targets

    • Target

      79d3308bc1a57677e7939d85950f14bd_JaffaCakes118

    • Size

      188KB

    • MD5

      79d3308bc1a57677e7939d85950f14bd

    • SHA1

      7917220ee59b30d8be728f3542c866b678b77094

    • SHA256

      6c040e7ba3738791a8fe02aeac79daf54aec69e0e336abf0caef3042b998281e

    • SHA512

      0d66dfd7edab6b1d53e33c79a10e71205acfee642f0d73bed9721f593b946268f7d5d96d7861b62aae5ee5409e1f180bb5225ad0f346a8297a8695b7615005ca

    • SSDEEP

      3072:zr8WDrCfAD8v1agWBMNCJBA2U39nHQ3CgLNy+NGCpE0WmkN5OAM:PufCmatMNeCgLNyJmkNoAM

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Neshta

      Neshta is a file infector: it prepends its own code to other executables so that launching any infected program runs the virus first and spreads it further.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution (skip or alter behaviour on hosts in particular locales).

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Typically used to redirect a suspended child process into injected code (process hollowing); read alongside the compiler launch above.
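Two of the behaviours above, modifying the system executable filetype association and adding a Run key, leave marks in the registry that can be checked offline from a `reg.exe /export` dump of an affected host. The following is an added example, not code from this report or from the sandbox; the `.reg` text is constructed, and the `%WINDIR%\svchost.com` command it contains is the hijack Neshta is documented to install (the report itself names no path). The clean value of `HKCR\exefile\shell\open\command` on Windows is `"%1" %*`; anything else means every .exe launch passes through another program first.

```python
import re

# Constructed .reg export for demonstration (not exported from this sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svhost.exe"
'''

# Value the exefile association holds on a clean Windows install.
CLEAN_EXEFILE_COMMAND = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Directories a standard user can write to; autoruns launching from here deserve a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# A value line is either @=... (default value) or "name"=... with .reg escaping inside the name.
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: backslash and double quote are written as \\\\ and \\"."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key_path: {value_name: data}}.
    Only string (REG_SZ) data is decoded; hex:/dword: data is kept verbatim and
    multi-line hex continuations are not reassembled."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1), m.group(2)
        name = "" if name == "@" else _unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def find_persistence(keys: dict) -> list:
    """Return (kind, key_path, detail) findings for the two registry techniques in the report."""
    findings = []
    cmd = keys.get(EXEFILE_KEY, {}).get("")
    if cmd is not None and cmd.strip() != CLEAN_EXEFILE_COMMAND:
        findings.append(("exefile_hijack", EXEFILE_KEY, cmd))
    for rk in RUN_KEYS:
        for name, data in keys.get(rk, {}).items():
            if any(marker in data.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(("run_key_user_writable", rk, f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for kind, key, detail in find_persistence(parse_reg(SAMPLE_REG)):
        print(f"{kind:24} {key}\n    {detail}")
```

The Run-key rule is deliberately broad: legitimate per-user software such as the OneDrive entry in the constructed sample also starts from `AppData`, so in practice it is paired with an allow-list or a signature check on the image. The exefile rule needs no such tuning, since the clean value is fixed; restoring it (and removing the dropped launcher) is also the first remediation step for a Neshta infection, otherwise every .exe launched afterwards is re-infected.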

MITRE ATT&CK Enterprise v15

Tasks