General
-
Target
955026d0cce01ca24e370fc92b191388_JaffaCakes118
-
Size
290KB
-
Sample
240814-kaevwaxanj
-
MD5
955026d0cce01ca24e370fc92b191388
-
SHA1
a8ec01ebbc32e98c8d3b5e77046099a13568c2f3
-
SHA256
8fa8658250cc2ad2d38231a4398bf4557e1696c9addfc8aa08d9acff15e09d80
-
SHA512
07ad433cc4b7f55a42bcf892291e1b1f6b7e6c5900458aeb49c3d732ee405f3469f52151248dd11f53cf7b685a8be1072a0eaef7457cef2ff9a1307e0b0c885f
-
SSDEEP
6144:OgSEOvlo2IDz1gVMlsOjrf1uXrJCoazgu/YuJdZb/7xFz+hfiRhz5TeboX:OCOvlo2xVksOrfExu/Zxb/n8QHO+
Malware Config
Extracted
latentbot
emmanuelisay.zapto.org
Targets
-
-
Target
955026d0cce01ca24e370fc92b191388_JaffaCakes118
-
Size
290KB
-
MD5
955026d0cce01ca24e370fc92b191388
-
SHA1
a8ec01ebbc32e98c8d3b5e77046099a13568c2f3
-
SHA256
8fa8658250cc2ad2d38231a4398bf4557e1696c9addfc8aa08d9acff15e09d80
-
SHA512
07ad433cc4b7f55a42bcf892291e1b1f6b7e6c5900458aeb49c3d732ee405f3469f52151248dd11f53cf7b685a8be1072a0eaef7457cef2ff9a1307e0b0c885f
-
SSDEEP
6144:OgSEOvlo2IDz1gVMlsOjrf1uXrJCoazgu/YuJdZb/7xFz+hfiRhz5TeboX:OCOvlo2xVksOrfExu/Zxb/n8QHO+
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-