General

  • Target

    9d1302d7bf9da006d6157f438376d4a2_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240816-fxrqqs1elq

  • MD5

    9d1302d7bf9da006d6157f438376d4a2

  • SHA1

    90dbdaca78757b6647d01fcee8979768b5248c63

  • SHA256

    aa772cb2dcbf58d84be623fd90095bc137cf033e4b2edfd5ebef0696136f7b5f

  • SHA512

    90c78bf2bbe9c072874081658f378ef2546313f080530f999ec5ad99ddcb7fed913cb1ccc26496b2a909935f7163e5d14bd5144a3d7e0847e7baee65b7c58446

  • SSDEEP

    24576:AaeH5Z7Y4LvYQNqTwVfqiSvtDsg/u8cAWTU/m0Su/K4AAXT9IOLzycJNNym7dty4:AP0mqTGywgG8/vx/K4AADLz7NpT6rG

Malware Config

Extracted

Family

latentbot

C2

yeniceriler.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
