General

  • Target

    86df9c108148e82b20ad6a01ce3ee6c8_JaffaCakes118

  • Size

    128KB

  • Sample

    240810-vb9rraybpk

  • MD5

    86df9c108148e82b20ad6a01ce3ee6c8

  • SHA1

    09a343bb12c05294e437a72cddcab6b80f4c176a

  • SHA256

    775c0a367169fab19ae18bb4d7537f9684358fda1fddb4f65f7a9f7283bb7da9

  • SHA512

    ffd896debe63e413cd3fc5e0910e71b7bd36160f690e207274b1e07d774944b055a5febbcae6dcd6e0e6c84735e45d2a243cbc62cad5f285106173f1d66c411f

  • SSDEEP

    3072:HBhGNG66Ffsm9jfxes6SwkRan/nLRxa6Q2f2:hh0G66FP9jfn6SwkRavLaQ

Malware Config

Extracted

Family

latentbot

C2

insomniaftw.zapto.org

Targets

    • Target

      86df9c108148e82b20ad6a01ce3ee6c8_JaffaCakes118

    • Size

      128KB

    • MD5

      86df9c108148e82b20ad6a01ce3ee6c8

    • SHA1

      09a343bb12c05294e437a72cddcab6b80f4c176a

    • SHA256

      775c0a367169fab19ae18bb4d7537f9684358fda1fddb4f65f7a9f7283bb7da9

    • SHA512

      ffd896debe63e413cd3fc5e0910e71b7bd36160f690e207274b1e07d774944b055a5febbcae6dcd6e0e6c84735e45d2a243cbc62cad5f285106173f1d66c411f

    • SSDEEP

      3072:HBhGNG66Ffsm9jfxes6SwkRan/nLRxa6Q2f2:hh0G66FP9jfn6SwkRavLaQ

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks