General

  • Target

    e764564f35f8233b9a264792674887d2_JaffaCakes118

  • Size

    358KB

  • Sample

    241212-vk2shazrhz

  • MD5

    e764564f35f8233b9a264792674887d2

  • SHA1

    33d8520e18644a762f0529c6e00365677d0067d5

  • SHA256

    e9acddb4747d00754ab52d6590305ab5c3ba9ba6e849a7415e292a77479afa02

  • SHA512

    59c09d88e4cd369472862023a17ca81d7f2f3671dc4a49ba4605346da32b0faf5761290b2cea1f30090a5130c8bf0293d87710375920e067540894e20f5fa435

  • SSDEEP

    6144:jyH7xOc6H5c6HcT66vlmrpdF48rAkGR1ObhB7BL6SoOQ48AtBloP+aP1OeUeRUqO:jaw88ckW1a7BLZ8h+0EeLadeW

Targets

    • Target

      e764564f35f8233b9a264792674887d2_JaffaCakes118

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
