General
-
Target
5375359139f753b0e34ee4e624c74314_JaffaCakes118
-
Size
484KB
-
Sample
240717-r5nvlavglp
-
MD5
5375359139f753b0e34ee4e624c74314
-
SHA1
55a17280f67441abcd89f6e3f8aa6b28927c4e31
-
SHA256
2667ffec3bbdc918875111958c1756eb91e4b9383d88417e27f794d7bb147824
-
SHA512
3fbda33cfc4978a23078f6f21d2577b87cb3e2ad21229bafc13c4de1281e849c2f6039ba25548294726d92f01497c2e4bab30db067e476aa4a7548bd65630e42
-
SSDEEP
12288:PdnqvDeXWDD4bi35EFvJVsAxmUx4Rk8L1bMd:Vn0ymuicTbcbM
Malware Config
Extracted
latentbot
blackshadewfs.zapto.org
1blackshadewfs.zapto.org
2blackshadewfs.zapto.org
3blackshadewfs.zapto.org
4blackshadewfs.zapto.org
5blackshadewfs.zapto.org
6blackshadewfs.zapto.org
7blackshadewfs.zapto.org
8blackshadewfs.zapto.org
Targets
-
-
Target
5375359139f753b0e34ee4e624c74314_JaffaCakes118
-
Size
484KB
-
MD5
5375359139f753b0e34ee4e624c74314
-
SHA1
55a17280f67441abcd89f6e3f8aa6b28927c4e31
-
SHA256
2667ffec3bbdc918875111958c1756eb91e4b9383d88417e27f794d7bb147824
-
SHA512
3fbda33cfc4978a23078f6f21d2577b87cb3e2ad21229bafc13c4de1281e849c2f6039ba25548294726d92f01497c2e4bab30db067e476aa4a7548bd65630e42
-
SSDEEP
12288:PdnqvDeXWDD4bi35EFvJVsAxmUx4Rk8L1bMd:Vn0ymuicTbcbM
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1