General

Target: 6500db7ea3ab5075fb9e89baca79168e_JaffaCakes118
Size: 241KB
Sample: 240722-154eqa1hnp
MD5: 6500db7ea3ab5075fb9e89baca79168e
SHA1: a752f119ae6af9d09aa81f412ab186c215ff9661
SHA256: 9bfca08d6e025e6443bbf1bfd3fb5b6d639224ced63a2816a13ad41b205fa95f
SHA512: 515c8a65fc80cae52d2d9401f15b9ad1e1af81f9bfda2e82f954072bef4e5a70f67ab06bc7ad53df49e9825f497f75c15e4663bcba8947fef69ad2d353459b26
SSDEEP: 6144:JPTlpB/4Y0LkYEaB7mK83+IEK+Qu20rxU:tlpBU/E47mK8OIE/51U
Static task: static1
Behavioral task: behavioral1
  Sample: 6500db7ea3ab5075fb9e89baca79168e_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 6500db7ea3ab5075fb9e89baca79168e_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted family: latentbot
C2 hostnames:
pokemon12345.zapto.org
1pokemon12345.zapto.org
2pokemon12345.zapto.org
3pokemon12345.zapto.org
4pokemon12345.zapto.org
5pokemon12345.zapto.org
6pokemon12345.zapto.org
7pokemon12345.zapto.org
8pokemon12345.zapto.org
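The nine hostnames in the extracted config are the actionable part of this report for a defender. The following is an added example, not part of the sandbox output: it copies the C2 list above and matches DNS query logs against it. The log format (`<timestamp> <client> <qtype> <qname>`), the timestamps and the client addresses are constructed for the example. Note that zapto.org itself is a No-IP dynamic-DNS zone shared by many unrelated hosts, so the matcher deliberately matches only the listed names and labels beneath them, never the parent zone.

```python
"""Added example (not part of the sandbox report): flag DNS queries for the
LatentBot C2 hostnames listed in the extracted config."""

# Hostnames copied from the report's "Malware Config" section.
LATENTBOT_C2 = ["pokemon12345.zapto.org"] + [
    f"{n}pokemon12345.zapto.org" for n in range(1, 9)
]


def build_matcher(hosts):
    """Return is_c2(name): True for an exact IOC or a subdomain of one.

    Names are lowercased and the trailing dot of an FQDN dropped, so
    'POKEMON12345.ZAPTO.ORG.' matches. The parent zone zapto.org is a
    No-IP dynamic-DNS domain used by many unrelated hosts, so a plain
    suffix match on it would be far too broad; only the listed hosts and
    labels beneath them count.
    """
    iocs = {h.lower().rstrip(".") for h in hosts}

    def is_c2(name):
        name = name.lower().rstrip(".")
        return name in iocs or any(name.endswith("." + h) for h in iocs)

    return is_c2


def find_c2_queries(lines, is_c2=None):
    """Scan log lines of the form '<timestamp> <client> <qtype> <qname>'
    (a constructed format, assumed for this example) and return
    (timestamp, client, normalized qname) for every hit."""
    is_c2 = is_c2 or build_matcher(LATENTBOT_C2)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        ts, client, _qtype, qname = parts[:4]
        if is_c2(qname):
            hits.append((ts, client, qname.lower().rstrip(".")))
    return hits


# Constructed sample log: timestamps and client addresses are made up.
SAMPLE_DNS_LOG = """\
2024-07-22T15:04:01Z 10.0.0.12 A 3pokemon12345.zapto.org
2024-07-22T15:04:02Z 10.0.0.12 A www.example.com
2024-07-22T15:04:03Z 10.0.0.15 A POKEMON12345.ZAPTO.ORG.
2024-07-22T15:04:04Z 10.0.0.15 A notpokemon12345.zapto.org
2024-07-22T15:04:05Z 10.0.0.20 A ns1.zapto.org
"""

if __name__ == "__main__":
    for ts, client, qname in find_c2_queries(SAMPLE_DNS_LOG.splitlines()):
        print(f"{ts} {client} queried LatentBot C2 {qname}")
```

The `notpokemon12345.zapto.org` and `ns1.zapto.org` lines are there to show the two false positives a naive `endswith` check would produce: the first shares a suffix with an IOC without being a subdomain of it, the second lives in the same dynamic-DNS zone.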
Targets

Target: 6500db7ea3ab5075fb9e89baca79168e_JaffaCakes118
Size: 241KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 10/10

Signatures:
- Modifies firewall policy service (changes to Windows Firewall policy settings)
- Adds policy Run key to start application (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run)
- Adds Run key to start application (Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (typical of process hollowing or thread hijacking: a suspended thread's context is rewritten to point at injected code)
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (2)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)
Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (2)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)
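The signatures and ATT&CK mapping above name the behaviour (Run-key and policy Run-key persistence, a firewall policy change) but not the registry values written. The following is an added example, not output of the sandbox: it parses a Windows `.reg` export and reports autostart entries that point into user-writable directories, plus firewall profiles with `EnableFirewall` set to 0. The sample export, the value name `Update` and the path under `AppData` are constructed for illustration; the `SharedAccess\Parameters\FirewallPolicy` key is the standard Windows Firewall policy location and is assumed to be what the "Modifies firewall policy service" signature refers to, since the report does not say.

```python
"""Added example (not from the sandbox report): triage a .reg export for the
persistence and firewall changes the report's signatures describe."""
import re

# Autostart locations behind the "Adds Run key" / "Adds policy Run key"
# signatures. The report names the signatures only; the value names and
# paths in SAMPLE_REG below are constructed for this example.
AUTOSTART_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
)
# Windows Firewall policy key; assumed to be what "Modifies firewall policy
# service" refers to (the report does not say which key was changed).
FIREWALL_KEY = r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# Directories a standard user can write to; an autostart pointing here is suspect.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Constructed sample export (hypothetical entries, not from the analysed sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Update"="C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Update"="C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo .reg escaping: '\\\\' -> '\\', '\\"' -> '"'."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: (type, value)}}.
    Quoted strings become REG_SZ, dword: values REG_DWORD; anything else
    (hex:, default '@' values) is kept as raw text or skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = ("REG_SZ", _unescape(data[1:-1]))
        elif data.lower().startswith("dword:"):
            keys[current][name] = ("REG_DWORD", int(data[6:], 16))
        else:
            keys[current][name] = ("RAW", data)
    return keys


def suspicious_autostarts(keys):
    """(key, value name, command) for autostart entries in user-writable dirs."""
    hits = []
    for path, values in keys.items():
        _hive, _, sub = path.partition("\\")
        if sub.lower() not in (k.lower() for k in AUTOSTART_KEYS):
            continue
        for name, (vtype, data) in values.items():
            if vtype == "REG_SZ" and USER_WRITABLE.search(data):
                hits.append((path, name, data))
    return hits


def firewall_disabled(keys):
    """Names of FirewallPolicy profiles whose EnableFirewall is 0."""
    out = []
    for path, values in keys.items():
        if FIREWALL_KEY.lower() in path.lower():
            vtype, value = values.get("EnableFirewall", (None, None))
            if vtype == "REG_DWORD" and value == 0:
                out.append(path.rsplit("\\", 1)[-1])
    return out


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, name, cmd in suspicious_autostarts(parsed):
        print(f"autostart {key}\\{name} -> {cmd}")
    for profile in firewall_disabled(parsed):
        print(f"firewall disabled for profile {profile}")
```

The same entry appearing under both `Run` and `Policies\Explorer\Run` is the pattern the two Run-key signatures describe; the policy key is worth checking separately because it is less commonly reviewed and survives on systems where the ordinary Run key has been cleaned.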