General

  • Target

    1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240702-eqyp2ayfkm

  • MD5

    1df3e22f5fc25ab21e3fb89684818d46

  • SHA1

    d72729754bd91f0f1d0b039583c28f7d03839523

  • SHA256

    8f4d46ef3df58b4b056302f5128dea4406c5ec321ca0aef51b61240cada41126

  • SHA512

    61fbdecae71346359aaac42f50323be0180459c8b573376b2e1fe1af7a82dc023f970d18f14db1ba950a5a4c898ef66a1bf27380534d08bdf334d83a071ba8ca

  • SSDEEP

    24576:Xj+kb1dw1UFbU8u6gM+7gG1xM5hCN4vph0RMj+kb1dw1UFbU8u6gM+7gG1xM5hC9:zHb1c6X+d/4308Hb1c6X+d/430B

Malware Config

Extracted

  • Family

    latentbot

  • C2

    nyandcompany.zapto.org

Targets

    • Target

      1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118

    • Size

      1.4MB

    • MD5

      1df3e22f5fc25ab21e3fb89684818d46

    • SHA1

      d72729754bd91f0f1d0b039583c28f7d03839523

    • SHA256

      8f4d46ef3df58b4b056302f5128dea4406c5ec321ca0aef51b61240cada41126

    • SHA512

      61fbdecae71346359aaac42f50323be0180459c8b573376b2e1fe1af7a82dc023f970d18f14db1ba950a5a4c898ef66a1bf27380534d08bdf334d83a071ba8ca

    • SSDEEP

      24576:Xj+kb1dw1UFbU8u6gM+7gG1xM5hCN4vph0RMj+kb1dw1UFbU8u6gM+7gG1xM5hC9:zHb1c6X+d/4308Hb1c6X+d/430B

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies firewall policy service

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks