General

  • Target

    60c9bb7c8e43d4c826aa2966929c011e_JaffaCakes118

  • Size

    92KB

  • Sample

    240721-v77bhaygqp

  • MD5

    60c9bb7c8e43d4c826aa2966929c011e

  • SHA1

    99c2727b79626e03b477c4170fb754dcfe3570ee

  • SHA256

    5874407a974b12892e668665f0f9c2ceb6fd8ddcf64df6b0649ccde59207c48d

  • SHA512

    eafa7b6a837b54d04cc6f0ecf2326be17dd2a464c3832f1fd0f891178c1f67d1fa36bacf496cee60e64308108420c8c358d01f32b7474b6381122bdbf484366f

  • SSDEEP

    1536:zhSfyDpLVjAckBYyqUg782ckTxnwyEMJ4fvU1n66h2bYd:iup+GLsPQwDu4fMxd2bYd

Malware Config

Extracted

Family

latentbot

C2

insomniaftw.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
