Extracted

• • Target

    JaffaCakes118_813224d4b14fbe6b2579eb3052ec75a9

  • Size

    141KB

  • MD5

    813224d4b14fbe6b2579eb3052ec75a9

  • SHA1

    7446d40aab75de3288667941795eb08cec01a74a

  • SHA256

    29fb962061a2dc06e0c8bf06a9cd00562ce275d15e21f94d4c3e35eef282bccb

  • SHA512

    0bcca420506eb3ba631842fdc40037c69f22fd9e6ca77dc9ed782b0270ca474657ef889ee0858adf0a74892b1fce307763e97107289d112e2fb278b656423786

  • SSDEEP

    1536:JxqjQ+P04wsmJCUvw3AlwF8oodD+6jNX6e2/mGbo+7IuB7YLPrKyON3lPWgC/xXG:sr85CQw3A+cxV2p37zgrvoF3O4T7oYB

  Score

  10^/10

  neshtasalitybackdoordefense_evasiondiscoverypersistencespywarestealertrojanupx

  • Detect Neshta payload

  • Modifies firewall policy service

    defense_evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2