General

  • Target

    827897fc738bb1fe516cd74152f140bb_JaffaCakes118

  • Size

    852KB

  • Sample

    240802-blkqtswhll

  • MD5

    827897fc738bb1fe516cd74152f140bb

  • SHA1

    2573cabeb500a4e194381557b5327706fd92dd38

  • SHA256

    18909cd222e8155fb27a6b856901b2e10e0704ee59e8724424ac51b375eb8326

  • SHA512

    cce6c2437b15c7973fb927819d677b33bc5bb0715e1163ec5c86a6000f71f1fbe8387e9d18f0d000f2678dd7d6cc42c74f6c76b3382481269fb6222d331ce1d6

  • SSDEEP

    12288:9uEV3sUPJ0c00RDwme95mJyN2KYIosW0KaAPF9Fsv9uifapiPWQsSf7H4fiOXaUS:tjR83UrRLiC5aUrG

Malware Config

Extracted

  • Family

    latentbot

  • C2

    blackyshady.zapto.org
    1blackyshady.zapto.org
    2blackyshady.zapto.org
    3blackyshady.zapto.org
    4blackyshady.zapto.org
    5blackyshady.zapto.org
    6blackyshady.zapto.org
    7blackyshady.zapto.org
    8blackyshady.zapto.org

Targets

    • Target

      827897fc738bb1fe516cd74152f140bb_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Modifies firewall policy service

    • Drops file in Drivers directory

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks