General
Target: 8fe902ae2810d625584d5460a84aedd9_JaffaCakes118
Size: 408KB
Sample: 240812-xnajjayhkf
MD5: 8fe902ae2810d625584d5460a84aedd9
SHA1: 3fc53f911dfce12393c3b5a8473c11e8ed7d91cc
SHA256: 81b4ae1402f9cd453a2c1999e3b91689edfbad736ad728e423a1b7ab9ed1b8d1
SHA512: eb12eebac7e17394cea0f4e29bf606439ef0605a25c7216a643e7bc829cbf0115d0f48dedb9384442e2631bc29eb37d7201c0f84ec76fd8f8ddfb338eb21d04b
SSDEEP: 12288:kB1WeREBTvYBBxzgutXrYeWjohQdFYAs8zkv5lKNl:U1JWvKOWYiGdFds8Yv5
Static task: static1
Behavioral task: behavioral1
  Sample: 8fe902ae2810d625584d5460a84aedd9_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 8fe902ae2810d625584d5460a84aedd9_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted family: latentbot
yournetwork.zapto.org
Targets
Target: 8fe902ae2810d625584d5460a84aedd9_JaffaCakes118
Score: 10/10
Signatures:
- Modifies firewall policy service
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Create or Modify System Process (1): Windows Service (1)