General

  • Target

    JaffaCakes118_d1de04534ff3457bfb7efd36a9f6fb1a

  • Size

    318KB

  • MD5

    d1de04534ff3457bfb7efd36a9f6fb1a

  • SHA1

    377b95d97e31a7f41baa9bcddd639913437863dd

  • SHA256

    0cd908ecf19baa32f59f374f76f4eff074d85ec13ee0a7081eae7232718a5621

  • SHA512

    1b95a1b9d6dcef3100bab56405059b77cced3662064a06eb706423c409ab277a06b8cfb2ea4e699ad67fcbc18bc5d3fb5754515895ecffa7b52df05dbdf2329d

  • SSDEEP

    6144:N740IAIWrHZ/6wApVbWRemViBq6fZosBs2t0EyL+taO9r740Io:t51NQyeq6f+RKEo7

Score
10/10

Malware Config

Signatures

  • Detect Neshta payload (1 IoC)
  • Neshta family
  • Unsigned PE (6 IoCs)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_d1de04534ff3457bfb7efd36a9f6fb1a
    .exe windows:4 windows x86 arch:x86

    b34f154ec913d2d2c435cbd644e91687


  • $PLUGINSDIR/StdUtils.dll
    .dll windows:5 windows x86 arch:x86

    7b79709c0d5576549eb261e3410f95f8


  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


  • $PLUGINSDIR/WinShell.dll
    .dll windows:4 windows x86 arch:x86

    a75c904bad153f5af2c37cfdf66eba5c


  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d31c5eb927119d00232e4d4b0e32fcdb


  • $PLUGINSDIR/nsProcess.dll
    .dll windows:5 windows x86 arch:x86

    439074d1c01f7b16781bdf060930814a

