General
- Target: 2ec9ab46c55fd23eb7339c3000dae352_JaffaCakes118
- Size: 573KB
- Sample: 240709-dmnvzstarj
- MD5: 2ec9ab46c55fd23eb7339c3000dae352
- SHA1: 487160b7df627fe9211d07a75fcbffcd8539bd95
- SHA256: 38f63f4790e25ac50d0d6d8080942a0566b62bd91805ccddccdcf83ea93b30d7
- SHA512: ac1dbe503669d5342e898cd087864233fe9894e8d0f3742d40336c580432b1be6dfea6aa360e0bbb6cd36bd7d2442364b626f8a948e8abe346a93951fa05f296
- SSDEEP: 12288:io4764ic07rICLkro9HnDG91RTmjd0EnSlGn:ioU8XICVMmj5Sgn
Static task: static1

Behavioral task: behavioral1
- Sample: 2ec9ab46c55fd23eb7339c3000dae352_JaffaCakes118.exe
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: 2ec9ab46c55fd23eb7339c3000dae352_JaffaCakes118.exe
- Resource: win10v2004-20240704-en
Malware Config
- Extracted: latentbot
  - gfaghrtehxvdfsqaj.zapto.org
  - 1gfaghrtehxvdfsqaj.zapto.org
  - 2gfaghrtehxvdfsqaj.zapto.org
  - 3gfaghrtehxvdfsqaj.zapto.org
  - 4gfaghrtehxvdfsqaj.zapto.org
  - 5gfaghrtehxvdfsqaj.zapto.org
  - 6gfaghrtehxvdfsqaj.zapto.org
  - 7gfaghrtehxvdfsqaj.zapto.org
  - 8gfaghrtehxvdfsqaj.zapto.org
Targets
- Target: 2ec9ab46c55fd23eb7339c3000dae352_JaffaCakes118
- Size: 573KB
- MD5: 2ec9ab46c55fd23eb7339c3000dae352
- SHA1: 487160b7df627fe9211d07a75fcbffcd8539bd95
- SHA256: 38f63f4790e25ac50d0d6d8080942a0566b62bd91805ccddccdcf83ea93b30d7
- SHA512: ac1dbe503669d5342e898cd087864233fe9894e8d0f3742d40336c580432b1be6dfea6aa360e0bbb6cd36bd7d2442364b626f8a948e8abe346a93951fa05f296
- SSDEEP: 12288:io4764ic07rICLkro9HnDG91RTmjd0EnSlGn:ioU8XICVMmj5Sgn
Score: 10/10
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)