Overview

overview

10

Static

static

7

3b074e0bc4...18.exe

windows7-x64

10

3b074e0bc4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b074e0bc43bb61b7e2c0de9932d35f0_JaffaCakes118

  • Size

    111KB

  • Sample

    240711-2s416axhjp

  • MD5

    3b074e0bc43bb61b7e2c0de9932d35f0

  • SHA1

    8e38f51dabf2b099432170afecc8a70a9e7082e0

  • SHA256

    bb8aab451f40c7787cadb1a9512d642a473f2d7f4606225fd630e845e97e5290

  • SHA512

    f59ee113f20574fe80bb83c4107ade20fcd00d97ccc886fbac56d22228eb8d17513f0a1de654c62613e7151f8ffd5ed88cc7398799467d92a8e643ff53af0a1a

  • SSDEEP

    3072:Ooy8j7VnNdrPHaSekwi+mW+2sxep4AOJEout:u8jZ7rvaU3+mWreep4AOJEoS

Score
10/10
latentbotmodiloaderevasiontrojanupx

Malware Config

Extracted

Family

latentbot

C2

burakaksurat.zapto.org

Targets

    • Target

      3b074e0bc43bb61b7e2c0de9932d35f0_JaffaCakes118

    • Size

      111KB

    • MD5

      3b074e0bc43bb61b7e2c0de9932d35f0

    • SHA1

      8e38f51dabf2b099432170afecc8a70a9e7082e0

    • SHA256

      bb8aab451f40c7787cadb1a9512d642a473f2d7f4606225fd630e845e97e5290

    • SHA512

      f59ee113f20574fe80bb83c4107ade20fcd00d97ccc886fbac56d22228eb8d17513f0a1de654c62613e7151f8ffd5ed88cc7398799467d92a8e643ff53af0a1a

    • SSDEEP

      3072:Ooy8j7VnNdrPHaSekwi+mW+2sxep4AOJEout:u8jZ7rvaU3+mWreep4AOJEoS

    Score
    10/10
    latentbotmodiloaderevasiontrojanupx

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks