Extracted

• • Target

    JaffaCakes118_aa1efe82b7a8462a234757d822dd2466

  • Size

    614KB

  • MD5

    aa1efe82b7a8462a234757d822dd2466

  • SHA1

    41fdc3584bfc507af135ad645b9c6fd4131b1bee

  • SHA256

    7cca4f23bd94e5cf9208a12bae1d251a38365c73a89322de96aae09be86f40bf

  • SHA512

    20e5ed625cf99b0af442d6067fb1b8c57a47d9f8d58b950b92ec1f98182e8e44ba125fc847f9c827fdde832f92a0345d077dca09dfa0c4043906507e59cb8c4c

  • SSDEEP

    6144:k9npUgSbTLYf44yKHreU8L94jDV9ULoU8LSHP0x8Taj9j2kJDg:ipU1bTLpgLG9QDV9UESitDg

  Score

  10^/10

  neshtasalitybackdoordefense_evasiondiscoverypersistencespywarestealertrojanupx

  • Detect Neshta payload

  • Modifies firewall policy service

    defense_evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Disables RegEdit via registry modification

    defense_evasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2