General

  • Target

    854094ff77486f4c6a3f1c612bde301f_JaffaCakes118

  • Size

    92KB

  • Sample

    240810-h668wsvcrf

  • MD5

    854094ff77486f4c6a3f1c612bde301f

  • SHA1

    c7728dcee24bc3e156d5af91b43b9b553b4ac334

  • SHA256

    4e6ef1e1184a108b432f7cd664246244cee6cd7274143479700f56c855388463

  • SHA512

    ce957e5e16e91b855709b6a8acae5852479be8851e83cc479d4a9efb693db40de956d490d2981c7afd35ebb87c19d3abebf45e568e26498444ffa27b8e2f2e08

  • SSDEEP

    1536:o6t9PDnnGAv25ZjyfeiyI8fCsL+/XV2FiQkRte7/I/lO:o6nK+MN1ifS2l2g8M/lO

Malware Config

Extracted

Family

latentbot

C2

profoundgaming.zapto.org

Targets

    • Target

      854094ff77486f4c6a3f1c612bde301f_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies WinLogon

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks