Extracted

• • Target

    JaffaCakes118_681f449dea67730957adbce0bd8913f7

  • Size

    248KB

  • MD5

    681f449dea67730957adbce0bd8913f7

  • SHA1

    80706299971fda0750f6d294bd9b6f9977868fd2

  • SHA256

    6252dccdb307ff206e294f6c1cfbef8307823d22ce1c9ab2dbd41634ab7cfac2

  • SHA512

    4e838341aa7c9e9b072ac527c0e29e4df2716bf195daf5bb7076230f007bb0b9b6b68ab8d8ce15af6b7fe08780a385d12626dad4828cdbcceffe3d6c1b1c177d

  • SSDEEP

    6144:k9XzVel6f1qmTQKuIvxMCQOlcW7yaX+7oJVXJp70dR:WzW6f1qiBuIJAOlcW7yS7JpwdR

  Score

  10^/10

  neshtadiscoverypersistencespywarestealersalitybackdoorevasionprivilege_escalationtrojanupx

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2