Extracted

• • Target

    981f584b0c4186c8787f7323430cfdfc_JaffaCakes118

  • Size

    487KB

  • MD5

    981f584b0c4186c8787f7323430cfdfc

  • SHA1

    1decd9986dfe9c01f56a04d2730ffe9e5f572c9b

  • SHA256

    c00ad4641159261aea9d9b7c46ad36af5a95846cef53654f2a221850eb8241f5

  • SHA512

    e8dfcbcac2e2d93c88b30d86a826114222ae6fe12f1cafee1d8c8fd6e5b0e86fe59ca82ed1c15530e362ac8a22274d9d1511a576c79791cdb05d06d7939643e3

  • SSDEEP

    12288:+Q1uizxvviXb2qEBT0l8xZBafYVbn4c+wj:+Q1vdybwBYqZBRh4c3

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2