General

  • Target

    JaffaCakes118_6c0edb825833fc1bbd16161d66a2a5b0

  • Size

    764KB

  • Sample

    250103-mrw7lasjhj

  • MD5

    6c0edb825833fc1bbd16161d66a2a5b0

  • SHA1

    68b95695799211fb01310d2fa3c35ea2ce5e7325

  • SHA256

    2080599d0d90fdf58a528b97998daaa5c09710856bed44981628070636f377a5

  • SHA512

    f0d2ae792d5cee759a74270b10b2026a86d44d34f1cef3638d9c72c8ec28434165dc0f7d73772273ac7f8e8da80e7744ce1d70c36789962e50639b3bc93acb2c

  • SSDEEP

    12288:UUZL4Ushx1NCozOCSFLl5s03p+wBSB8vOOLqhK/2vmIIaqOCBG:UU2l+IIJc

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
