General
-
Target
JaffaCakes118_800a2fdf97e975757dd1a146d0aa32f7
-
Size
2.0MB
-
Sample
250107-31ea5svkgw
-
MD5
800a2fdf97e975757dd1a146d0aa32f7
-
SHA1
d85b2856e1f9a816dddd6c25d38d765c7b83fe76
-
SHA256
529f719598de598f4f8a9e3715f214f1cf246f6ca8e63645efae784fba9eecc8
-
SHA512
1fb8b641c44c087147b88df5eadd60014498e44b2aed043100f52b84ca58cf2279b5abc828c6d542d45247110146ec633ff63528ab94527d29ebb334897145a8
-
SSDEEP
49152:o96NRteryADpCW2G7CqreesNLsaisNeX7hwgqXn8D4E0fhbLUOq:o4NRIpcGCq/sqaisG7Vr0fh8Oq
Malware Config
Targets
-
-
Target
JaffaCakes118_800a2fdf97e975757dd1a146d0aa32f7
-
Size
2.0MB
-
MD5
800a2fdf97e975757dd1a146d0aa32f7
-
SHA1
d85b2856e1f9a816dddd6c25d38d765c7b83fe76
-
SHA256
529f719598de598f4f8a9e3715f214f1cf246f6ca8e63645efae784fba9eecc8
-
SHA512
1fb8b641c44c087147b88df5eadd60014498e44b2aed043100f52b84ca58cf2279b5abc828c6d542d45247110146ec633ff63528ab94527d29ebb334897145a8
-
SSDEEP
49152:o96NRteryADpCW2G7CqreesNLsaisNeX7hwgqXn8D4E0fhbLUOq:o4NRIpcGCq/sqaisG7Vr0fh8Oq
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1