General
-
Target
1a89b7d4fb8ded72e1f8e81ee9352262_JaffaCakes118
-
Size
298KB
-
Sample
240701-jzklzstflr
-
MD5
1a89b7d4fb8ded72e1f8e81ee9352262
-
SHA1
3124893ffd96050e924ad003704c6144fde50ac3
-
SHA256
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
SHA512
77edf5e933116f190d8aec898c53d2ce93b8f12a1e5991eb2eb94f2c8527a82744308a5c093a238cf1d04de63080f2b37e167343531931c2e682e404a0ec2f0a
-
SSDEEP
6144:OCXTds8F4aKZJ2sg01CFBK3gbKaC2JDfTFX+L4YF+GX1D/+zH5+zNaP:FoZ6Lb5C4f4L4YFFFdzYP
Static task
static1
Behavioral task
behavioral1
Sample
1a89b7d4fb8ded72e1f8e81ee9352262_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1a89b7d4fb8ded72e1f8e81ee9352262_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
Protocol: ftp- Host:
canon222.aiq.ru - Port:
21 - Username:
u380797 - Password:
wly1fs7n
Targets
-
-
Target
1a89b7d4fb8ded72e1f8e81ee9352262_JaffaCakes118
-
Size
298KB
-
MD5
1a89b7d4fb8ded72e1f8e81ee9352262
-
SHA1
3124893ffd96050e924ad003704c6144fde50ac3
-
SHA256
3588af3f2e0bd35d34ae5dcc2e9ec9c303be9607bb5ec82acd36d856894da65c
-
SHA512
77edf5e933116f190d8aec898c53d2ce93b8f12a1e5991eb2eb94f2c8527a82744308a5c093a238cf1d04de63080f2b37e167343531931c2e682e404a0ec2f0a
-
SSDEEP
6144:OCXTds8F4aKZJ2sg01CFBK3gbKaC2JDfTFX+L4YF+GX1D/+zH5+zNaP:FoZ6Lb5C4f4L4YFFFdzYP
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-