General

  • Target

    89b092092c86c927ab7f7e9ebb1fc2a4_JaffaCakes118

  • Size

    141KB

  • Sample

    240811-kffdlawemc

  • MD5

    89b092092c86c927ab7f7e9ebb1fc2a4

  • SHA1

    7c5ad84ceb2a5c321c855d091685d4617dadfab8

  • SHA256

    42a841d25bca00b47de80bd1c95aa0076ba917fde1511a3ffad5518179cfe052

  • SHA512

    1d40063d7bfd35b9e39153071e795aa131bbb11b4f86231124bbc749dd0032e65687a2ba1b5262dab619f9350631a8426b330529b5f976451cf3b06177326396

  • SSDEEP

    3072:qix5XnHSNwVR6vW6nNQAUrTrogAaU/eTQyBnykmNsNl0viuxzO/T5ukA:qiTXuKUn2X5A2tyfDvCI

Malware Config

Extracted

Family: latentbot

C2: serverforme.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15