General
-
Target
99a103155ddb90407658098165eb203c_JaffaCakes118
-
Size
289KB
-
Sample
241125-gnlc2axrhj
-
MD5
99a103155ddb90407658098165eb203c
-
SHA1
9008585ddea5cd4ea2a615e181e9fe8219438504
-
SHA256
15509718f5a7bf41db2a2bba4f1a39f2bc4109489a1bf30bbc43ae7ca49be093
-
SHA512
abc85fb258e5f49491da5addbffb42e809f3b9387a12b248f9971bc8629a7595d4f6858d709952bf23cb60075ae78bae1ad88925c4eecb9de0d1ea4d1e817515
-
SSDEEP
3072:sr85COpueT/+8LHXDx0Ka+X/XNA+wUHtp+Tpqij9PV+7U:k9U9wctSpqij9F
Behavioral task
behavioral1
Sample
99a103155ddb90407658098165eb203c_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
99a103155ddb90407658098165eb203c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
99a103155ddb90407658098165eb203c_JaffaCakes118
-
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-