General

  • Target

    2346667ba9648ceeeb39155b47a530dd_JaffaCakes118

  • Size

    34KB

  • Sample

    240703-wm3cgssglh

  • MD5

    2346667ba9648ceeeb39155b47a530dd

  • SHA1

    5191e8345c7258a3c90e38cc89a404d66e9953e8

  • SHA256

    4af3d2d51a880eb8915bf4ac38a2c315dda53c235aaac048c7393e9d08acb591

  • SHA512

    fd1b2b15d9727003e24ddc5f4c14e9bcc19cb872d10df56e1ceb31f55bfd927bebdebe9b2c6446679be3ec6fd4f14339aa34d5d73b0fd06969f37cdedd95b28a

  • SSDEEP

    768:iz7bWpu8H6suBQF0HK1r2qiQxvzYcHeWDmp:i7Mji5HUrRnuAm

Malware Config

Extracted

Family

latentbot

C2

jojogizmojake.zapto.org

Targets

    • Target

      2346667ba9648ceeeb39155b47a530dd_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
