General

  • Target

    778cc947298543f1124f464ea15f3537_JaffaCakes118

  • Size

    811KB

  • Sample

    240727-kf591szgka

  • MD5

    778cc947298543f1124f464ea15f3537

  • SHA1

    58350434ab2ce5d930224cb65df16194ad70cbd9

  • SHA256

    d3c0716bc99609b4ad5f8eaea5e2c956ece3351c67d49c70c88edaf97d05f459

  • SHA512

    81f2fba1c522e51468de61e5c382977d38ccad03a94cf3d0896cdd408d67e8cfe4295c04f0fc5f1152f4f0356fe4f89927df7c185d30bf0b7c87e6260ccfd67d

  • SSDEEP

    12288:NaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgd:IAEENIq8XwyVPQclDq/+WnpsS

Malware Config

Extracted

Family

latentbot

C2

forumdeturkojan.zapto.org

Targets

    • Target

      778cc947298543f1124f464ea15f3537_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks