General
-
Target
0eb8062d3c7a14a325a2e5d8c325f0ba_JaffaCakes118
-
Size
810KB
-
Sample
240625-tp24dszerc
-
MD5
0eb8062d3c7a14a325a2e5d8c325f0ba
-
SHA1
18988994bee5da320a137e4e7bb4ec3ef67f4fd6
-
SHA256
572e7490570d77c3f37b52fd65dfe7eaa4d46cd716581640b567662a1fbd4831
-
SHA512
22012f6166f694e0407a87f741c4064a7f2acadf22104a63f47686977327f2c7b59d3e16db5b55b18042e2a9c5c7ffc906306c4253233504a98b450c7f8e7810
-
SSDEEP
12288:pC6Ut6RJ9mbupafIKsFzq3+lBxnX2Hf4CmmeKc1ett18n4SytyUkmgKGMsd28AeG:9MYMC2IBdUtCgiTyQdbHz3+SH4uG
Malware Config
Extracted
latentbot
1easydung69.zapto.org
2easydung69.zapto.org
3easydung69.zapto.org
4easydung69.zapto.org
5easydung69.zapto.org
6easydung69.zapto.org
7easydung69.zapto.org
8easydung69.zapto.org
Targets
-
-
Target
0eb8062d3c7a14a325a2e5d8c325f0ba_JaffaCakes118
-
Size
810KB
-
MD5
0eb8062d3c7a14a325a2e5d8c325f0ba
-
SHA1
18988994bee5da320a137e4e7bb4ec3ef67f4fd6
-
SHA256
572e7490570d77c3f37b52fd65dfe7eaa4d46cd716581640b567662a1fbd4831
-
SHA512
22012f6166f694e0407a87f741c4064a7f2acadf22104a63f47686977327f2c7b59d3e16db5b55b18042e2a9c5c7ffc906306c4253233504a98b450c7f8e7810
-
SSDEEP
12288:pC6Ut6RJ9mbupafIKsFzq3+lBxnX2Hf4CmmeKc1ett18n4SytyUkmgKGMsd28AeG:9MYMC2IBdUtCgiTyQdbHz3+SH4uG
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-