General

  • Target

    JaffaCakes118_62b086653f66ddba44921584c10c4330

  • Size

    385KB

  • Sample

    250102-e7nw6atlfz

  • MD5

    62b086653f66ddba44921584c10c4330

  • SHA1

    2772afdec519ffaa5e2d4da342c10165b419e2e4

  • SHA256

    58fc23a05d71564ae5c79c21d26aecc41c30ab94c17934e144985bd8fadbbadd

  • SHA512

    870484e1f14cad051ac7e526acd1ae391643a03b27fee7288f38f1e532b41292fa1a4080c1c54f2f333aadd00b4c71c2d2368799f34f5ee9869d81382ec4a564

  • SSDEEP

    6144:Pu7rop+LDFCThhRvueUgrw1JsXV6IYA3:X+LejmSska

Targets

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
