General
-
Target
bce37dd072dc0eeeba64a67f92e9e7c3_JaffaCakes118
-
Size
253KB
-
Sample
240618-tymeas1dpb
-
MD5
bce37dd072dc0eeeba64a67f92e9e7c3
-
SHA1
a04ad84a2dabb2271c94faced586a90f4a460584
-
SHA256
6be45f6054be1bcd7e91aab715f3e4342c3ad988d4f53ebb41cb79caea1da70b
-
SHA512
fcaa1eb9f77a8bf3018454a9d0117c70c58d0f6e332cfb674bafd752a2a823d63081b2a0116c45caeda5bb44ffd3ef1372fd8f23014db6c3f39061ee85c69947
-
SSDEEP
6144:iz+92mhAMJ/cPl3i+eLbbIv2fbj+ufiTiONUXHH/wlTekOehkQ:iK2mhAMJ/cPlQbF/XfbJX/wl/OvQ
Malware Config
Extracted
latentbot
jinyuan2012.zapto.org
Targets
-
-
Target
bce37dd072dc0eeeba64a67f92e9e7c3_JaffaCakes118
-
Size
253KB
-
MD5
bce37dd072dc0eeeba64a67f92e9e7c3
-
SHA1
a04ad84a2dabb2271c94faced586a90f4a460584
-
SHA256
6be45f6054be1bcd7e91aab715f3e4342c3ad988d4f53ebb41cb79caea1da70b
-
SHA512
fcaa1eb9f77a8bf3018454a9d0117c70c58d0f6e332cfb674bafd752a2a823d63081b2a0116c45caeda5bb44ffd3ef1372fd8f23014db6c3f39061ee85c69947
-
SSDEEP
6144:iz+92mhAMJ/cPl3i+eLbbIv2fbj+ufiTiONUXHH/wlTekOehkQ:iK2mhAMJ/cPlQbF/XfbJX/wl/OvQ
Score10/10-
Detects PlugX payload
-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-