General

  • Target

    e75d27a4dec7334e548a776a58137877_JaffaCakes118

  • Size

    318KB

  • Sample

    240408-nnzzraga93

  • MD5

    e75d27a4dec7334e548a776a58137877

  • SHA1

    85e46d71cd015e4714459d2fe73f6c9a066199f5

  • SHA256

    5e9b31834d9951e950f884bea2a45bafb99c1761fbb8b7be4301467f55795d1a

  • SHA512

    28669e18a2ea427fa90f11ec4ed5f024bd3a28a4602bfe091fc6155e3b2f170f9f7f245a0912aa6cca627c6bc9802d4b39a75043c57d6d5e4c4ac3896710755f

  • SSDEEP

    6144:TKjZaimwIqlazWEIBk4ZAs3CaYo/TRg4w6kT1kYftg5d672:dZqIzW35RFn9g311kYfi6K

Malware Config

Extracted

Family

latentbot

C2

75as4d53a1sd.zapto.org

Targets

    • Target

      e75d27a4dec7334e548a776a58137877_JaffaCakes118

    • Size

      318KB

    • MD5

      e75d27a4dec7334e548a776a58137877

    • SHA1

      85e46d71cd015e4714459d2fe73f6c9a066199f5

    • SHA256

      5e9b31834d9951e950f884bea2a45bafb99c1761fbb8b7be4301467f55795d1a

    • SHA512

      28669e18a2ea427fa90f11ec4ed5f024bd3a28a4602bfe091fc6155e3b2f170f9f7f245a0912aa6cca627c6bc9802d4b39a75043c57d6d5e4c4ac3896710755f

    • SSDEEP

      6144:TKjZaimwIqlazWEIBk4ZAs3CaYo/TRg4w6kT1kYftg5d672:dZqIzW35RFn9g311kYfi6K

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks