General

  • Target

    JaffaCakes118_c1ebd42e9db4dd9c5d49c2daaa61a390

  • Size

    222KB

  • Sample

    250208-l6t54szmhk

  • MD5

    c1ebd42e9db4dd9c5d49c2daaa61a390

  • SHA1

    8bec7342326dcb2f010a907d9d73d5b9c221c2f4

  • SHA256

    5c4f47a39003ab90efe38d26d8f611c6f5d2cc00dee61b4b39a7d2da117e4800

  • SHA512

    d67fc30a1d553c6ef20b5870429e4b6a7bb5918e5a85ee39397112069998938e6df47ac64058901f5fcd1ef27463ccaeddd06414bd5ee3d7fa9476dc619ed347

  • SSDEEP

    3072:sr85C/qISw01IZ1yxylBev3ujZqMNh1Gny0is1iyU1Gny0is1iyW:k9/1SZ1IZ1yCvqR3RR3W

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files with copies of itself in order to spread and cause damage.

    • Neshta family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.