General
Target: JaffaCakes118_608cee9085771d7472baba768ea53c60
Size: 662KB
Sample: 250101-zgp2ratjgv
MD5: 608cee9085771d7472baba768ea53c60
SHA1: f206fe5ae7790b47bd44bb2ac74106fe4aa1ec25
SHA256: 020218706196aeaae66cb4cc7cb12d0d73a78bca241e315868c4550351da6fb7
SHA512: d0a53a2c1459a910554516a4ac832dade2c5eef6b654f09a78b9c2bf21da27fdeedb43e4858d9380d9af113c7a4c45b871c00b5f1ed7f379e483583e733a1345
SSDEEP: 12288:BQZy90UBZYwaMEOlogiXMJTk1BY8tIR3MWIxwZ6sFtJH73SOlBPe9uUeD:BQZynBLaMBhiXMd+BNtIGWYwV73SO7PX
Static task
static1
Behavioral task
behavioral1
Sample: JaffaCakes118_608cee9085771d7472baba768ea53c60.exe
Resource: win7-20240903-en
Behavioral task
behavioral2
Sample: JaffaCakes118_608cee9085771d7472baba768ea53c60.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_608cee9085771d7472baba768ea53c60
Score: 10/10
- Detect Neshta payload
- Neshta
  Neshta is a file infector: it inserts its own code into other executables so that every infected program spreads it further, and infected files may be damaged in the process.
- Neshta family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  Once the .exe file association points at the infector, every program launch runs it first. Cleanup therefore has to restore the default association as well as disinfect or replace the infected executables, not just delete the dropped file.
- Adds Run key to start application
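A host triage script for the two persistence signatures above (exefile association hijack and Run keys) and for the registry country-code lookup, added here as an example and not part of the sandbox report. It assumes the standard Windows registry locations for these settings and the Windows default .exe handler ("%1" %*) as the comparison baseline; the hash check uses the SHA256 from this report so a Run-key target that is this sample can be flagged directly. Run it in an elevated PowerShell session so HKLM and the current user's hive are readable.

```powershell
# Added triage script (not part of the sandbox report). Assumptions: standard registry
# paths for the .exe association, Run keys and the Geo\Nation value, and the Windows
# default exefile command "%1" %* as the clean baseline. Run as Administrator.

$ReportSha256 = '020218706196aeaae66cb4cc7cb12d0d73a78bca241e315868c4550351da6fb7'

function Get-ExeAssociationStatus {
    # A clean Windows install hands .exe launches straight to the file: "%1" %*
    # Anything else (an extra program in front of "%1") is a hijacked association.
    $expected = '"%1" %*'
    $paths = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $cmd = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Key      = $p
            Command  = $cmd
            Hijacked = ($null -ne $cmd) -and ($cmd.Trim() -ne $expected)
        }
    }
}

function Get-RunKeyEntries {
    # Enumerates the usual autostart Run/RunOnce keys (64-bit, 32-bit view, current user)
    # and hashes each target so it can be compared with the report's SHA256.
    $runKeys = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        # Skip the PS* metadata properties Get-ItemProperty adds to every result.
        $names = ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }).Name
        foreach ($name in $names) {
            $value = [string]$props.$name
            # Extract the executable path from a quoted or unquoted command line.
            $exe = if ($value -match '^"([^"]+)"') { $Matches[1] } else { ($value -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hash = $null
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Key           = $k
                Name          = $name
                Command       = $value
                SHA256        = $hash
                MatchesSample = ($hash -eq $ReportSha256)
            }
        }
    }
}

function Get-RegistryCountryCode {
    # The "Checks computer location settings" signature: the GeoID the sample reads.
    $geo = 'Registry::HKEY_CURRENT_USER\Control Panel\International\Geo'
    if (Test-Path $geo) { (Get-ItemProperty -Path $geo).Nation }
}

Get-ExeAssociationStatus | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table Key, Name, SHA256, MatchesSample -AutoSize
"GeoID (HKCU\Control Panel\International\Geo\Nation): $(Get-RegistryCountryCode)"
```

A `Hijacked` value of True on either exefile key, or a Run-key target whose SHA256 equals the report's hash, is a direct hit for this sample; a Run-key target that does not resolve to a file (SHA256 empty) still deserves a look, since the entry may point at a dropped file that has since been moved or deleted.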
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution (1)
  - Change Default File Association, T1546.001 (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution (1)
  - Change Default File Association, T1546.001 (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers, T1555.003 (1)
- Unsecured Credentials (1)
  - Credentials In Files, T1552.001 (1)