Extracted

• • Target

    bce37dd072dc0eeeba64a67f92e9e7c3_JaffaCakes118

  • Size

    253KB

  • MD5

    bce37dd072dc0eeeba64a67f92e9e7c3

  • SHA1

    a04ad84a2dabb2271c94faced586a90f4a460584

  • SHA256

    6be45f6054be1bcd7e91aab715f3e4342c3ad988d4f53ebb41cb79caea1da70b

  • SHA512

    fcaa1eb9f77a8bf3018454a9d0117c70c58d0f6e332cfb674bafd752a2a823d63081b2a0116c45caeda5bb44ffd3ef1372fd8f23014db6c3f39061ee85c69947

  • SSDEEP

    6144:iz+92mhAMJ/cPl3i+eLbbIv2fbj+ufiTiONUXHH/wlTekOehkQ:iK2mhAMJ/cPlQbF/XfbJX/wl/OvQ

  Score

  10^/10

  latentbotplugxtrojan

  • Detects PlugX payload

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2