Extracted

• • Target

    2a0d7246464998d8d73da8637fba0e68_JaffaCakes118

  • Size

    497KB

  • MD5

    2a0d7246464998d8d73da8637fba0e68

  • SHA1

    fb329ade3d5a934813682d7ddcb2a3b614fae0a2

  • SHA256

    86a316be1d4aeaa8af78b7d04c5c33a3d369061441261039132eed65d3e6d702

  • SHA512

    9da4def17bbc0534d0eccbcbda3e57674c5be472b1ffcfc2057fc70fb919b0f64f3d4ac828782430b2833685c3801fc0c59ecf4d2bc040e832db5985ff657677

  • SSDEEP

    12288:b5+vRGbhLjSRAtdChCZ25fDa/tsTqRkmJN:b7hLuRAjCEAxDa/Oq6o

  Score

  10^/10

  latentbotpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2