General

  • Target

    f86d81aef10838f38d61cfaee96ab6fc_JaffaCakes118

  • Size

    138KB

  • Sample

    241216-lqjz7swlek

  • MD5

    f86d81aef10838f38d61cfaee96ab6fc

  • SHA1

    5b27795141fe7d1527d5182366c2c130bea89c5d

  • SHA256

    50a618c9b07a9161921fd204d7ccbebdaac6d7fc61cc4d652089c1efe1ff21be

  • SHA512

    21045d73a4c664f38090895847af0535d233a0cba9bddf56828a767886e89002b841813cf1eaf1425c923a0e9132e4d9bd16ad1654d49f288219d8aafa9ec7e8

  • SSDEEP

    3072:zr8WDrCutmWcCTx+eqfZT2VNa1DdkJT2JQ:PuSTRl+eqfZTcCI2

Targets

    • Target

      f86d81aef10838f38d61cfaee96ab6fc_JaffaCakes118

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
