General
-
Target
680c0b2f25eab7d5a39b62a0cc874473_JaffaCakes118
-
Size
1.3MB
-
Sample
240723-sdd2rawcmn
-
MD5
680c0b2f25eab7d5a39b62a0cc874473
-
SHA1
92a5d2651b64e8bfed7f10ccea883ae772fb77c9
-
SHA256
e4e243d911cc3c0d1fc1b9c4d95e777b9b3f882d11c4c81d1381337b9f01e8db
-
SHA512
8e3bbbe20b210a0899cc903746d644f5220bc31ba9fa26f37cc3b125f5446630ffa89248dd6f0ddb36b4b53eff483b3bd59d9ed654f8879ece09e98debad793e
-
SSDEEP
24576:VvZFbOYu0bR70JAWXB6CuGh4A2UpqVLWzr80+5OS+cPs7LMxLt:VvZFbOYTR706WxNuGuA29Wzri5n+nLc
Malware Config
Extracted
latentbot
fly4butterfly.zapto.org
Targets
-
-
Target
680c0b2f25eab7d5a39b62a0cc874473_JaffaCakes118
-
Size
1.3MB
-
MD5
680c0b2f25eab7d5a39b62a0cc874473
-
SHA1
92a5d2651b64e8bfed7f10ccea883ae772fb77c9
-
SHA256
e4e243d911cc3c0d1fc1b9c4d95e777b9b3f882d11c4c81d1381337b9f01e8db
-
SHA512
8e3bbbe20b210a0899cc903746d644f5220bc31ba9fa26f37cc3b125f5446630ffa89248dd6f0ddb36b4b53eff483b3bd59d9ed654f8879ece09e98debad793e
-
SSDEEP
24576:VvZFbOYu0bR70JAWXB6CuGh4A2UpqVLWzr80+5OS+cPs7LMxLt:VvZFbOYTR706WxNuGuA29Wzri5n+nLc
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2