General
-
Target
JaffaCakes118_787efda7b50790043a4c525744fbd764
-
Size
158KB
-
Sample
250104-jkkcnssjbj
-
MD5
787efda7b50790043a4c525744fbd764
-
SHA1
18db458955674cf403f4d63b2755edeb22dfb1d0
-
SHA256
40fac5790294ad94003aa1699169dd279f9cd74dced6e11ba1eca6e2138d8589
-
SHA512
c83a0e5edab27aa8e070bb08d2ccd0d8d43d62a1ebbc8bb35340af267c8b402c3672b1c43df347b7b00403aa4970653574ffab06d1290625b57c886f5ed67dc9
-
SSDEEP
3072:sr85ChHSJPKL0GJoXNuWIO67v1smCicJp7T7kIkKWzmyj:k9hENuPOyv1smCRpXtWb
Behavioral task
behavioral1
Sample
JaffaCakes118_787efda7b50790043a4c525744fbd764.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Detect Neshta payload
-
Modifies firewall policy service
-
Neshta
Malware from the Neshta family is a file infector: it injects itself into other files to spread and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Change Default File Association (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Change Default File Association (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (2)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)