General
-
Target
ecfcbc023a38101cb72ccdb9415f0f30_JaffaCakes118
-
Size
276KB
-
Sample
241213-19544s1qhn
-
MD5
ecfcbc023a38101cb72ccdb9415f0f30
-
SHA1
44bc603abaa9645bf92bcd66bc4082857a650d02
-
SHA256
e9dd2db83f306bea4bdec8c3b742463e8402cbf8fa97bdd1e4b29705459b327a
-
SHA512
c2d94e6d65b66dc803692fdc9c063a3617c5442b1f936a1bb2679485115df6a6e8f9107e5b9b6a3766b28ba46f416dc32d42007961c03864b8b93ee8b8d67557
-
SSDEEP
6144:f0mlvQ0gZfVDEy+OzSQumHIi3Vum7QckbA2Adg7JtrKit05X:tV1aNE1YSl/G900GN5f05X
Static task
static1
Behavioral task
behavioral1
Sample
ecfcbc023a38101cb72ccdb9415f0f30_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ecfcbc023a38101cb72ccdb9415f0f30_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: 31.170.165.18
Port: 21
Username: u194291799
Password: 80997171405
Targets
-
-
Target
ecfcbc023a38101cb72ccdb9415f0f30_JaffaCakes118
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Drops desktop.ini file(s)
-