General

  • Target

    a5c441f27fcbd362b5a3c9dec784e4dc_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241127-egcffawjbw

  • MD5

    a5c441f27fcbd362b5a3c9dec784e4dc

  • SHA1

    078ad59abf0bd089c9209a4bc5c539a6e1067e20

  • SHA256

    611e08ec62dd3f0cc4a407c1202781f8a35cc88b4054dcc0b53e862371fbf012

  • SHA512

    93552f4542f256d9bbf660a5bf54f64542fd816e9b3170390a6940ca3d16c313dcb25976ad23fb5e051311d073481468d9cde7ac8de11480b788bef8063d0ca4

  • SSDEEP

    24576:xblO6NWTlAaO8yWMLLLwr6jCy5SkmwiMQXIjXNLLLc:1oOtKE3sksOXK

Targets

    • Target

      a5c441f27fcbd362b5a3c9dec784e4dc_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.
