Extracted

• • Target

    30c73558baf088ecd1417f33f36b1c46_JaffaCakes118

  • Size

    1.5MB

  • MD5

    30c73558baf088ecd1417f33f36b1c46

  • SHA1

    b57cd087075a186f9397524a9fe080ce834d1168

  • SHA256

    4e6360bce6666ae2d642474c551f898512b3af9e9c02607f0572057495e88706

  • SHA512

    5d1f5439e07e49b9d91f40d776af677a9c18d621675814da554eca8ca8025e113a604c3514ed4d55efd2365f699963075fde122818e7d1d15d44dfec57b057e5

  • SSDEEP

    24576:WijhB3UGxxz1xtaA06oq1VqlrEWFtr1ju7VVBsAIuHfqGFcfNoI8eMouHESfEzqG:ZUGjpq6oqEb6BCuHfGfDNMzG

  Score

  10^/10

  latentbotpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2