General
Target: JaffaCakes118_5c27ff414d9cbf0bafdd2f23717f198c
Size: 1015KB
Sample: 250129-2v37ms1jbp
MD5: 5c27ff414d9cbf0bafdd2f23717f198c
SHA1: 0b2e93b91c8d286b28106af25b10035fb28c8f60
SHA256: 8e9f3e0a8eb003e3524e853da31f7469a530852ebc4dfec00ba1f93cea7acd4d
SHA512: b5567db524a8d09b766c32a439d9fd70ede7b9c92f56aa24a305a0b0dc7269caca7a71f53e9a6f28f6ce733a69b1c7907d1a2ac2d346f22d560743d27c39e04c
SSDEEP: 24576:H++bh/9LI4EamRPqsQp9WFYjc69a5j24or8k4+5oPe0dclbS:H+ohWamRPqsQp9WF+Qjqr8k4+5SecctS
Behavioral task: behavioral1
Sample: JaffaCakes118_5c27ff414d9cbf0bafdd2f23717f198c.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: JaffaCakes118_5c27ff414d9cbf0bafdd2f23717f198c
- Detect Neshta payload
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
- Neshta family
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)