Extracted

• • Target

    JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d

  • Size

    4.9MB

  • MD5

    3412857a3afade21f86071e2f9a7fd6d

  • SHA1

    00ce956542aae84290594a6a187d537bfe965338

  • SHA256

    42a807f5e9dcad351d3f4b41b5e16203f590ada5a75700f6e297f68a4f631081

  • SHA512

    aaf083abcb4977e0e0f5e5d76a526e8c1b1e5ef6fef7ab373b411735dc2f475a63b54f9cb03a84a5eb29fb4b6daac63591db60823b637f259fa6fddc0958ec61

  • SSDEEP

    98304:2sPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPSh9i:7PjzayuSgMKykQgSaTkvMxEYT3OfPShg

  Score

  10^/10

  neshtasalitybackdoordefense_evasiondiscoverypersistencespywarestealertrojanupx

  • Detect Neshta payload

  • Modifies firewall policy service

    defense_evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2