General

Target: 28512881ff98ea80ab937b5dfa790625_JaffaCakes118
Size: 578KB
Sample: 240706-m5frrszcnd
MD5: 28512881ff98ea80ab937b5dfa790625
SHA1: 509e2a6e67f306f20924b28747530342bb17d4e7
SHA256: cfa29a4292f3c4251e9997fb2b0db858ee6de1982980cfe0673ceb4b441661de
SHA512: 4cb38223f73ea2bbce9629fedc10be0f335d7bd9134a5138094f1938e585eba1a9989f24b5608dc06ebc26af41b3c7becda3e5df6fd7c931c42109851ded7b7f
SSDEEP: 12288:7xBEda1Sx/aQb48siYqzPm7YCwQgvpXArE9N9sI3zzYn6Hgj12:wda1Sx/aQFsipzPmU/JvpXZdHg
Static task: static1
Behavioral task: behavioral1
  Sample: 28512881ff98ea80ab937b5dfa790625_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 28512881ff98ea80ab937b5dfa790625_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config

Extracted family: latentbot
C2 hostnames (an ordered fallback list of eight names under zapto.org, a No-IP dynamic DNS domain, so the IP addresses behind them can change at any time and the hostnames, not the addresses, are the durable indicator):
1iamjesus71.zapto.org
2iamjesus71.zapto.org
3iamjesus71.zapto.org
4iamjesus71.zapto.org
5iamjesus71.zapto.org
6iamjesus71.zapto.org
7iamjesus71.zapto.org
8iamjesus71.zapto.org
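The eight hostnames above are the sample's C2 fallback list. As an added example (not part of the sandbox report), the Python below matches DNS query logs against that list and additionally flags a client that walks through several entries in a short window, which is how a bot behaves when the first hosts do not answer. The log format, client addresses and timestamps are constructed for the example; the broader hunt pattern for other numeric prefixes is an analyst assumption, not something the report states.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# C2 hostnames exactly as extracted from the LatentBot configuration in the report.
LATENTBOT_C2 = {f"{i}iamjesus71.zapto.org" for i in range(1, 9)}

# Hunting generalisation (assumption, not from the report): any numeric-prefix
# sibling of the same dynamic-DNS name, in case the operator adds more than eight.
C2_HUNT_PATTERN = re.compile(r"^\d+iamjesus71\.zapto\.org$", re.IGNORECASE)

# Constructed DNS log lines in a "timestamp client qname" format.
# Not real traffic; invented for this example.
SAMPLE_DNS_LOG = """\
2024-07-06T10:15:01Z 10.0.0.12 www.example.com
2024-07-06T10:15:03Z 10.0.0.12 1iamjesus71.zapto.org.
2024-07-06T10:15:04Z 10.0.0.12 2IAMJESUS71.zapto.org
2024-07-06T10:15:04Z 10.0.0.12 3iamjesus71.zapto.org
2024-07-06T10:20:00Z 10.0.0.31 update.microsoft.com
2024-07-06T10:21:30Z 10.0.0.31 9iamjesus71.zapto.org
2024-07-06T11:00:00Z 10.0.0.45 8iamjesus71.zapto.org
this line is malformed
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Yield (timestamp, client, qname) per well-formed line; qnames are
    normalised to lower case with any trailing root dot removed."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3).rstrip(".").lower()


def classify(qname):
    """'c2' for a hostname in the extracted list, 'hunt' for a sibling that
    only matches the broader pattern, None for anything else."""
    if qname in LATENTBOT_C2:
        return "c2"
    if C2_HUNT_PATTERN.match(qname):
        return "hunt"
    return None


def find_c2_hits(text):
    """All matching queries as (timestamp, client, qname, kind)."""
    return [(ts, client, q, kind)
            for ts, client, q in parse_dns_log(text)
            if (kind := classify(q))]


def find_list_walkers(text, window=timedelta(minutes=5), min_domains=2):
    """Clients that resolve several distinct listed C2 names within `window`.
    The bot holds an ordered fallback list, so a host stepping through
    1..., 2..., 3... is iterating it after failed connections: a stronger
    signal than a single lookup, and a hint about which entries are dead."""
    by_client = defaultdict(list)
    for ts, client, qname, kind in find_c2_hits(text):
        if kind == "c2":
            by_client[client].append((ts, qname))
    walkers = {}
    for client, events in by_client.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            names = {q for t, q in events[i:] if t - t0 <= window}
            if len(names) >= min_domains:
                walkers[client] = sorted(names)
                break
    return walkers


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_DNS_LOG):
        print(*hit)
    print(find_list_walkers(SAMPLE_DNS_LOG))
```

Exact-list matches are the alert; the hunt pattern is for retrospective search only, since a sibling name that the report does not list is a lead, not a confirmed indicator.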
Targets

Target: 28512881ff98ea80ab937b5dfa790625_JaffaCakes118 (578KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Modifies firewall policy service
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is launched by the sample; a signed Microsoft binary with no reason to run here is a typical host for process hollowing)
- Adds Run key to start application (a value under the CurrentVersion\Run key, so the payload relaunches at logon)
- Suspicious use of SetThreadContext (the API that repoints a suspended thread's execution, the final step of process hollowing and similar injection)
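The signatures above are sandbox verdicts; reproducing them on an endpoint needs the underlying telemetry. As an added example, not from the report or the sandbox vendor, the Python below evaluates constructed Sysmon-style events (EventID 1 process creation, EventID 13 registry value set) and raises the three host-observable signatures for a process tree, attributing a hollowed child's behaviour back to the sample. The registry paths the rules key on, the list of build tools allowed to spawn vbc.exe, and the events themselves are assumptions made for illustration. SetThreadContext is an API-level observation that these event types do not carry, so it is deliberately left out.

```python
import re
from collections import defaultdict

# Registry subtrees the three host-observable signatures key on (assumption about
# what the sandbox matches; Run/RunOnce and the SharedAccess FirewallPolicy subtree
# are the standard locations for these behaviours).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_POLICY_RE = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)

# Build tooling that legitimately spawns the VB.NET compiler (assumption; tune per estate).
VBC_LEGIT_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}

SIG_RUN_KEY = "Adds Run key to start application"
SIG_VBC = "Uses the VBS compiler for execution"
SIG_FIREWALL = "Modifies firewall policy service"

# Constructed Sysmon-style events (EventID 1 ProcessCreate, EventID 13 RegistryEvent
# SetValue). Paths, PIDs and the dropped file name are invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 3200,
     "Image": r"C:\Users\u\Downloads\28512881ff98ea80ab937b5dfa790625_JaffaCakes118.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "ProcessId": 4100,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"EventID": 1, "ProcessId": 4188, "ParentProcessId": 4100,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\u\Downloads\28512881ff98ea80ab937b5dfa790625_JaffaCakes118.exe"},
    {"EventID": 13, "ProcessId": 4188,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    # A developer build on the same host: vbc.exe under MSBuild must not fire.
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 4990,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Per-process signature hits: {pid: set(signature names)}."""
    hits = defaultdict(set)
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 13:
            if RUN_KEY_RE.search(ev["TargetObject"]):
                hits[pid].add(SIG_RUN_KEY)
            if FIREWALL_POLICY_RE.search(ev["TargetObject"]):
                hits[pid].add(SIG_FIREWALL)
        elif ev["EventID"] == 1 and basename(ev["Image"]) == "vbc.exe":
            if basename(ev["ParentImage"]) not in VBC_LEGIT_PARENTS:
                # Credit the parent: it is the process that chose to launch the compiler.
                hits[ev["ParentProcessId"]].add(SIG_VBC)
    return dict(hits)


def triggered(events, root_pid):
    """Signatures fired by root_pid or any descendant, so behaviour performed from
    inside a hollowed child (the firewall write under vbc.exe) lands on the sample."""
    children = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 1:
            children[ev["ParentProcessId"]].append(ev["ProcessId"])
    per_pid = evaluate(events)
    seen, stack, out = set(), [root_pid], set()
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        out |= per_pid.get(pid, set())
        stack.extend(children[pid])
    return out


if __name__ == "__main__":
    print(sorted(triggered(SAMPLE_EVENTS, 4100)))
    print(sorted(triggered(SAMPLE_EVENTS, 5000)))
```

Walking the tree matters for this sample: on its own the vbc.exe process looks like a compiler that touched the firewall policy, and only the parent link ties that write to the downloaded executable.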
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1
  Create or Modify System Process: Windows Service (T1543.003), 1
Privilege Escalation
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1
  Create or Modify System Process: Windows Service (T1543.003), 1