General

  • Target

    8089e6c148201c52afea27cbb4ef2b67_JaffaCakes118

  • Size

    109KB

  • Sample

    240801-ps5apsvgke

  • MD5

    8089e6c148201c52afea27cbb4ef2b67

  • SHA1

    9fd47fb1281b0c0ae03579d37e70820b538f7542

  • SHA256

    e3130e6602e2b023e46ef7bc9dc0b3a57dce5e49a15b558c321249d2ec9c8786

  • SHA512

    39a9303312b76d298d01a0fbbc7184c62ea06f125d81264b6b587710c0f2ef2844713eb2ce4dc54ebf10c6a182cb387e41ebec8c64e46d55dcdc2bb3473ede35

  • SSDEEP

    3072:foy8j7VnNdrPHaSekwi+mW+2QwLsSpout:v8jZ7rvaU3+mWrQwLxpoS

Malware Config

Extracted

Family

latentbot

C2

seytaninavukati.zapto.org

Targets

    • Target

      8089e6c148201c52afea27cbb4ef2b67_JaffaCakes118

    • Size

      109KB

    • MD5

      8089e6c148201c52afea27cbb4ef2b67

    • SHA1

      9fd47fb1281b0c0ae03579d37e70820b538f7542

    • SHA256

      e3130e6602e2b023e46ef7bc9dc0b3a57dce5e49a15b558c321249d2ec9c8786

    • SHA512

      39a9303312b76d298d01a0fbbc7184c62ea06f125d81264b6b587710c0f2ef2844713eb2ce4dc54ebf10c6a182cb387e41ebec8c64e46d55dcdc2bb3473ede35

    • SSDEEP

      3072:foy8j7VnNdrPHaSekwi+mW+2QwLsSpout:v8jZ7rvaU3+mWrQwLxpoS

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks