General
-
Target
JaffaCakes118_7b6c5729027a5bc368fa07a6867d54be
-
Size
296KB
-
Sample
250104-ycsreatngs
-
MD5
7b6c5729027a5bc368fa07a6867d54be
-
SHA1
1d4aac5bb183e1c130236db9939d1b842d7de839
-
SHA256
6405396548d318a96b7d7fd79bc285e57e9fc0ebdf55fec9d9997f2b56631889
-
SHA512
056527dd7f3d76b27c557594792ee948c2865a43c40de328872290e44146e37cc960966defbce11c033713bf2be01f7bf7b020f5d4a1be0cbb6f19057885bfe8
-
SSDEEP
1536:JxqjQ+P04wsmJCU4w7T5WomTyjte5YhpsP4NlJBkU4FFhJInB7Nt19em2:sr85CtwhjwyReXPkk5IBRt92
Malware Config
Targets
-
-
Target
JaffaCakes118_7b6c5729027a5bc368fa07a6867d54be
-
Size
296KB
-
MD5
7b6c5729027a5bc368fa07a6867d54be
-
SHA1
1d4aac5bb183e1c130236db9939d1b842d7de839
-
SHA256
6405396548d318a96b7d7fd79bc285e57e9fc0ebdf55fec9d9997f2b56631889
-
SHA512
056527dd7f3d76b27c557594792ee948c2865a43c40de328872290e44146e37cc960966defbce11c033713bf2be01f7bf7b020f5d4a1be0cbb6f19057885bfe8
-
SSDEEP
1536:JxqjQ+P04wsmJCU4w7T5WomTyjte5YhpsP4NlJBkU4FFhJInB7Nt19em2:sr85CtwhjwyReXPkk5IBRt92
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1