General

  • Target

    d3fc276fec9eb196f945aa6ab8583c23_JaffaCakes118

  • Size

    568KB

  • Sample

    241207-2ns34axqht

  • MD5

    d3fc276fec9eb196f945aa6ab8583c23

  • SHA1

    000ef969b3a51b367375824b7ac6f83a8aa22aff

  • SHA256

    96f29d0132716aaa5d7b3e5826e2a50eeba63fd4d652dc2ce723bea78c2037a2

  • SHA512

    1d224077b4ae900c664bfc98bbac37cd1165c184db07bf25ab6daf9dc7bb6ee1e17672ea875cd8ae52bf6da3a887203dd0b5c05d0cf5f47a848a9f2d2f134f72

  • SSDEEP

    12288:l0U/j3mbZHj2ZyzfhKxAFzSGUm6ak1ZhiTKQQmVZBVDC:lnj3m1ZQAFeGUm6f1ZOHQKZy

Malware Config

Targets

    • Target

      d3fc276fec9eb196f945aa6ab8583c23_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Neshta is a Windows file infector: it inserts its own code into .exe files it can reach, drops a copy of itself into the Windows directory and hijacks the .exe file association so the infector runs before every legitimately launched program. Cleaning an infected host means restoring the association and repairing or replacing every infected executable, not just deleting the dropper.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (the sample may refuse to run in certain locales, so a sandbox in the wrong region can miss the full behaviour).

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      Changes the shell open command for the .exe file type (HKLM\Software\Classes\exefile\shell\open\command) away from the stock "%1" %*, so a malicious launcher is invoked every time any executable is opened. This is the persistence mechanism Neshta relies on; an intact value is a quick indicator that the host has not been hit.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. On a file-infector sample, check whether this behaviour comes from the infector itself or from the host program it was attached to.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Packing hides strings and imports from static scanners, so unpack the sample before static analysis.

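Three of the checks above (hash verification, UPX packing, the hijacked .exe association) are easy to reproduce locally when triaging a suspected host or file. The following Python is an added example written for this page, not the sandbox's own signature logic; the function names, the hand-built fake PE and the registry values it tests against are constructed for illustration. It parses the PE section table directly so it runs without third-party modules.

```python
import hashlib
import struct

# Hashes published for this sample; used only to confirm a file on disk is the same one.
SAMPLE_HASHES = {
    "md5": "d3fc276fec9eb196f945aa6ab8583c23",
    "sha1": "000ef969b3a51b367375824b7ac6f83a8aa22aff",
    "sha256": "96f29d0132716aaa5d7b3e5826e2a50eeba63fd4d652dc2ce723bea78c2037a2",
}

# Stock value of HKLM\Software\Classes\exefile\shell\open\command on a clean Windows host.
DEFAULT_EXEFILE_OPEN = '"%1" %*'


def hash_report(data: bytes) -> dict:
    """Compute the hashes used by the report for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes) -> bool:
    """True only if every published hash matches, so a partial download is rejected."""
    return hash_report(data) == SAMPLE_HASHES


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the bytes are not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # COFF header: 4-byte "PE\0\0" signature followed by 20 bytes of fields.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes, name in the first 8
        if off + 40 > len(data):
            break  # truncated file: report what we have rather than raise
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX leaves UPX0/UPX1 (or UPX2) section names unless the packer was modified to hide them."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def exefile_association_hijacked(command_value: str) -> bool:
    """True if the exefile open command no longer equals the stock '"%1" %*'."""
    return command_value.strip().lower() != DEFAULT_EXEFILE_OPEN.lower()


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE with the given section names (headers only, not runnable code)."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header; its contents are not needed here
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])   # constructed, mimics a UPX layout
    clean = build_fake_pe([".text", ".data", ".rsrc"])  # constructed, normal compiler layout
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("clean upx:", looks_upx_packed(clean))
    # Constructed registry values: a stock host and one where a launcher was interposed.
    for value in ['"%1" %*', '%SystemRoot%\\svchost.com "%1" %*']:
        print(repr(value), "hijacked:", exefile_association_hijacked(value))
```

On a live Windows host the registry value would be read with `winreg` or `reg query`; the check is kept as a pure function so it can also be run over a registry export or a memory-image string dump. Section-name matching is a heuristic: a modified UPX build can rename sections, so treat a negative result as "not stock UPX", not "not packed".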
MITRE ATT&CK Enterprise v15

Tasks