General

  • Target: 7df47f4f8e7a1ea9520e4e2fd5350153_JaffaCakes118
  • Size: 28KB
  • Sample: 240731-z2erhstcpj
  • MD5: 7df47f4f8e7a1ea9520e4e2fd5350153
  • SHA1: f6fa5844752fff53d608afe0ef5f6c9d3d211dc5
  • SHA256: 26d55d977d85ccbd92ac9204083e039d69db38ac2d0440a7b2cb46f4d0376d3d
  • SHA512: b1163c852e798bc6ab13cddf144cb30137656d63bea6552bb46e771604f0cdeccb2e55193eb205d8217f5b9f9499eac19daa68a918799661618525947ae40643
  • SSDEEP: 384:YWqNNA5RWT3qdy4TgGtpBiYrJy0bHPqPrqRd6BcHWCkW62qycuseXzVocCAW4W/K:YWqNuHggNybTU6aV6DeXxsY

Malware Config

Extracted

  • Family: latentbot
  • C2: crazyman131.zapto.org

Targets

    • Target: 7df47f4f8e7a1ea9520e4e2fd5350153_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks