General

  • Target

    JaffaCakes118_69d90a359cd83170ccfbb4e9a55b8962

  • Size

    933KB

  • Sample

    250103-dldcvszmak

  • MD5

    69d90a359cd83170ccfbb4e9a55b8962

  • SHA1

    1bf4b9dbf33476992bf2ac2a21bdaa7e32858b8f

  • SHA256

    71fa6ab02f64249fa833addcd9fd3c9a4eff39d86aa4600e8a7d7b893b9025a2

  • SHA512

    7db9ef6a2b7a1bb3579c6d256d056794132a7a78c046ff96d4848d85c7101bdbb28d5e9c35bd1c1b058611409f3898c0abe8942dc504b3d7775f60c0bc10f74f

  • SSDEEP

    24576:fFogjj5Cc2hPoDvBclPlwnRK0k+SJUWH/S3PfyOZCJ:fu+ZK2KcSaWHqXyOi

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
