General

  • Target

    8988bae8b2890747ed0e475744e8a7ee_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240811-jf39zs1bjn

  • MD5

    8988bae8b2890747ed0e475744e8a7ee

  • SHA1

    64576e09ef38de340646a04ccb3f204022eecece

  • SHA256

    8cfd46a96da9b377ab7c28f1c83159b71d04a15500f3c09ac0631a5d1bfdc9ee

  • SHA512

    f50c45a4efa51ebde9f02c9b46178a3c8ad2feae825c0de4a4fc01e072c8fb7371118dbee92989bfe917d51a1e290c8561d003659405bb409faf6e5509b7ab4c

  • SSDEEP

    49152:yw6+LSEM6AuazyUw0Cg1hc1ZsWYCwSmL:yheAu6c1ZR

Malware Config

Extracted

Family

latentbot

C2

noiptest1905.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks