General
-
Target
213bab801f500944f38e536ec929c51f_JaffaCakes118
-
Size
272KB
-
Sample
240703-f7b32atdkl
-
MD5
213bab801f500944f38e536ec929c51f
-
SHA1
1f4876a99c65d15a571834ddadbd4c21642ee9db
-
SHA256
7cd374dd3e0e8377b8828c5d3069f7c7007a5de3b4b44b337a5e3f2c307e4911
-
SHA512
774c4e8c8205aaccc47539240cd59b823cc2bbb6b8271f310a8881084fb43630ab899d7efbde1f7471f7a299fc565b5845c1318c8e62738a010df6a695a1b9c4
-
SSDEEP
6144:rxqyofd2pznbLawUfo7kYLOrC5fp31g0FQDsp6ZOY4JJ/Bnq7W7ZTEoY:Vqy8d2pawUAYYr1lQDLZH4J1B7looY
Malware Config
Extracted
latentbot
teamviewersupport.zapto.org
1teamviewersupport.zapto.org
2teamviewersupport.zapto.org
3teamviewersupport.zapto.org
4teamviewersupport.zapto.org
5teamviewersupport.zapto.org
6teamviewersupport.zapto.org
7teamviewersupport.zapto.org
8teamviewersupport.zapto.org
Targets
-
-
Target
213bab801f500944f38e536ec929c51f_JaffaCakes118
-
Size
272KB
-
MD5
213bab801f500944f38e536ec929c51f
-
SHA1
1f4876a99c65d15a571834ddadbd4c21642ee9db
-
SHA256
7cd374dd3e0e8377b8828c5d3069f7c7007a5de3b4b44b337a5e3f2c307e4911
-
SHA512
774c4e8c8205aaccc47539240cd59b823cc2bbb6b8271f310a8881084fb43630ab899d7efbde1f7471f7a299fc565b5845c1318c8e62738a010df6a695a1b9c4
-
SSDEEP
6144:rxqyofd2pznbLawUfo7kYLOrC5fp31g0FQDsp6ZOY4JJ/Bnq7W7ZTEoY:Vqy8d2pawUAYYr1lQDLZH4J1B7looY
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1