General

  • Target: a00fb301627569c02a6049948edfa4f4_JaffaCakes118
  • Size: 2.5MB
  • Sample: 240816-1ncwfaserk
  • MD5: a00fb301627569c02a6049948edfa4f4
  • SHA1: 876cd672502a32f935b3d74c0709c7ab18d007c0
  • SHA256: d067eb6f1e71610b17e8c2f04e4aabc5a8dcac2f45f0f1b7c2e513f8f0aeccef
  • SHA512: fa9778c1b0ef8881b0e6b0c05b48210873b8d329675c947560a23aa74391190e8fac82c379635312fc6a4c070c3f3ec53b82315b2bb0a3d9b3238f77e502fa0d
  • SSDEEP: 49152:Q2ZTGLeCbvW9giG81t6wlK2qinPu6cxyo7POaf/K601R:Q2EViZtt0iPu/oo7POx

Malware Config

Extracted

  • Family: latentbot
  • C2: interbarcellona.zapto.org

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger
