Extracted

• • Target

    fefbc2779b80a4509666a819bdb6e705_JaffaCakes118

  • Size

    464KB

  • MD5

    fefbc2779b80a4509666a819bdb6e705

  • SHA1

    81e3dd2d4b6e781cc549ee365bce7121d770af44

  • SHA256

    f4da80451dd68af46429820b8dadacbce3c18273cca58fc484fdf5e32f3efccc

  • SHA512

    71e8c24dcf51d10521695509f1cbd9633beb3a7961f0976d58e7baf4976d290d0b326149e4995bdf6adece7be8cab5f9f17b6c76061c18f865bef96bf783c9cd

  • SSDEEP

    12288:3bI9DmNBbWTaifpTbwFGSGty6wyNG+LHBsXuqlbqG7znfKo5:3bI9OBbWBK1leDguqsG7zd

  Score

  10^/10

  latentbotevasionpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies firewall policy service

    evasion

  • Adds policy Run key to start application

    persistence

  • Modifies Installed Components in the registry

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2