General

  • Target

    788901d88a62786fe09465f48b87fdaf_JaffaCakes118

  • Size

    290KB

  • Sample

    240727-r5xgqsxeka

  • MD5

    788901d88a62786fe09465f48b87fdaf

  • SHA1

    27b6926b2cc6012a6af85a03bc8ab1041d327f51

  • SHA256

    4e054bef6499a2f80854bbbb4063c7d9eb5c139df5641a9ddc1d460c4a69f244

  • SHA512

    e17dfcad3ee1f2df181d8dd63d4dd45c0405625c70d11247e0f493baf7d5cca7ec0754d94436d7b81c30507fdb1d0e0cbcaa4b2cf9de4ea211cee92783a6f7dd

  • SSDEEP

    6144:ijbUCICA+OExgDQjQq2NlMWH3CGm9ptSjyjLlwqaKv6bc:ijwvCAUSnBTMyzm9ptpjh5ak

Malware Config

Extracted

Family

latentbot

C2
Targets

    • Target

      788901d88a62786fe09465f48b87fdaf_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
