General

  • Target

    73030e7dc8db294e9763bb3e3c33dd13_JaffaCakes118

  • Size

    812KB

  • Sample

    240726-hpmg6awdna

  • MD5

    73030e7dc8db294e9763bb3e3c33dd13

  • SHA1

    15d03a0c208194bcd880c9a708381929b10a7cb3

  • SHA256

    72b49528da64448a989732b8c39a8efa045a6d549b1d05a2887524f36a80170c

  • SHA512

    9d3ca8dd8acac8489c94bee4e34c2aa217d1288a9d7d54982514f699e869e5b80c54976ec9370470992800e402a84babd9f6616f1d7b562af679ea445649b57a

  • SSDEEP

    12288:ZXQKfNYn7ntgfKNjCmz0gYq888riG03MolRPxNhQT758acUKZWw3U0Q1FS6Z5PHB:lxCn7ttnJ5YQltjGafDZWw3N6ZlB/

Malware Config

Extracted

Family

latentbot

C2

fraieriimei2.zapto.org

Targets

    • Target

      73030e7dc8db294e9763bb3e3c33dd13_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
