General

  • Target

    d5384c18ef7de0763d90cab185912a3e_JaffaCakes118

  • Size

    668KB

  • Sample

    241208-ezadsssmgt

  • MD5

    d5384c18ef7de0763d90cab185912a3e

  • SHA1

    397bc059fe4dd48c972d64dcfd2759b31ac42230

  • SHA256

    da24591c956431be4be74218ff61d0b29f210740b58c9e9d65588c7aedf55e86

  • SHA512

    6d129c8da31a025fa98800f3fd55b69f3adb83957c01711cc104f57fd2da0d6e7468a80ec11cd575b4c5aac0935b18d901fc5872cf603c18dc5e4a34cab79869

  • SSDEEP

    12288:zT7JFdB3lWxhE7YBkn3aAUJ05WL6fXsKXEWRgSGEeCBpsTp0owwZpjp/N0D:H7JHWxqUmnNUJYW2fX1UWRVGExQp/yD

Targets

    • Target

      d5384c18ef7de0763d90cab185912a3e_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
