General
- Target: e8fae2f950bb7a79457c05d957006392_JaffaCakes118
- Size: 368KB
- Sample: 241213-aqqxzasnfx
- MD5: e8fae2f950bb7a79457c05d957006392
- SHA1: 0d4a08392699c268dfcd9bafa1ca8f9e5055feac
- SHA256: b4259c0ecf8b473142db1e4425a05528446b07973c706607cb9c37b03c0ff870
- SHA512: 8949430a3cddee9f67d67aceefe3dadda728e95ce4322ad9baa9ca3b323e32d7476fdfa49c5811f7fe4055c0b8a30ba837f7a914aa91037259bb22e06b98b87e
- SSDEEP: 6144:k9u3dsbuTWxXJtDBFP9IXBc3/EGrs5O3zdqTLxMS:P3dsbtlYRyXrsizd0LSS
Behavioral task behavioral1
- Sample: e8fae2f950bb7a79457c05d957006392_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task behavioral2
- Sample: e8fae2f950bb7a79457c05d957006392_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: e8fae2f950bb7a79457c05d957006392_JaffaCakes118 (368KB; hashes as listed under General)
- Detect Neshta payload
- Gozi family
- Neshta: Neshta is a file infector; it injects its own code into other executable files in order to spread and cause damage.
- Neshta family
- Event Triggered Execution: AppCert DLLs: Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (2): AppCert DLLs (1), Change Default File Association (1)
Privilege Escalation
- Event Triggered Execution (2): AppCert DLLs (1), Change Default File Association (1)
Defense Evasion
- Hide Artifacts (1): Hidden Files and Directories (1)
- Modify Registry (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)