General

  • Target

    5b0db0b46dd8bb01d245802b62172ed9_JaffaCakes118

  • Size

    270KB

  • Sample

    240719-jqlgxszekq

  • MD5

    5b0db0b46dd8bb01d245802b62172ed9

  • SHA1

    238211f37041dd4e8090b594c5d93eb7509ebe48

  • SHA256

    1f114a13ebe6d7ef8e45540482f01632f27f2a618e3c09dd337df955de331f64

  • SHA512

    c8504a5f5a037075cf4b0c76551d014baa205edbe8cea1dd5899a361110ce3adb3e802542968e3bc032b5e827ec0294a0f96e545ea048f052c3343f948319059

  • SSDEEP

    6144:NG377xS2Vp2CeiorXdwTBgWx4v53HpcCJJvHS:wr7xS2Vp6RwTyC2bJJvHS

Malware Config

Extracted

Family

latentbot

C2

arciajacinto.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks