General

  • Target

    811d2f39dc7b04140205c4e48357ecca_JaffaCakes118

  • Size

    463KB

  • Sample

    240801-tebhpayaqr

  • MD5

    811d2f39dc7b04140205c4e48357ecca

  • SHA1

    77e036b841978eceaa2d7b40e8911d69cabeda92

  • SHA256

    008383dd4f6767667acd4877c68dc9e9ddb31d5e2528422930cbc6e5203f1280

  • SHA512

    c97310c9b6cae1fdf331b64b8968d6ff398ab186251f11152b51ed9b63322f3d4442b9cb442c957d4a0c87ecb282c51b8564cce2c1b103f8540a4cda5d871ceb

  • SSDEEP

    12288:mqVKiSVti9bWmmcqm/pbBzQBlsEHWkIAI+Sc:FIiSVmdmiXoTVI+S

Malware Config

Extracted

Family

latentbot

C2

blackshades.zapto.org

Targets

    • Target

      811d2f39dc7b04140205c4e48357ecca_JaffaCakes118

    • Size

      463KB

    • MD5

      811d2f39dc7b04140205c4e48357ecca

    • SHA1

      77e036b841978eceaa2d7b40e8911d69cabeda92

    • SHA256

      008383dd4f6767667acd4877c68dc9e9ddb31d5e2528422930cbc6e5203f1280

    • SHA512

      c97310c9b6cae1fdf331b64b8968d6ff398ab186251f11152b51ed9b63322f3d4442b9cb442c957d4a0c87ecb282c51b8564cce2c1b103f8540a4cda5d871ceb

    • SSDEEP

      12288:mqVKiSVti9bWmmcqm/pbBzQBlsEHWkIAI+Sc:FIiSVmdmiXoTVI+S

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks