General

  • Target: 9fbdc223fd2933fac5a9bb801f59c6b1_JaffaCakes118
  • Size: 108KB
  • Sample: 240816-yskqqstfnf
  • MD5: 9fbdc223fd2933fac5a9bb801f59c6b1
  • SHA1: fca37e0fa1a54f97d6c02609a49acc291b454cc6
  • SHA256: 28bc76580c4dccb7ec8fbfe82e6a0f094627556217650dcfcf80a7291a0fceaa
  • SHA512: dd356c7047fdc1862c8cdae109c4ea234021f9be2520c41075571400e74e38a3775a4afbda7b14f08e608129ecca77325e6ee59b20e67271ed04c9441ca10013
  • SSDEEP: 3072:pUX+caOwfR3qvW3ouQ/JLfIrjpvQ7qSMf8MfZG:pUX+cy3qvJuoLgKiEM

Malware Config

Extracted

  • Family: latentbot
  • C2: insomniaftw.zapto.org

Targets

    • Target: 9fbdc223fd2933fac5a9bb801f59c6b1_JaffaCakes118

    • LatentBot
      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15