General
-
Target
a5cd5db8c411cf1c86428e074fd91a16_JaffaCakes118
-
Size
947KB
-
Sample
240818-hpvtjathqj
-
MD5
a5cd5db8c411cf1c86428e074fd91a16
-
SHA1
ead51e2404dda62c7a6f63d2b2157e028b7cc819
-
SHA256
deb3aebbeb728f10ebcc1936cd516633031557d1063ba5f1c22c9dfc5e6df0f5
-
SHA512
cb50d5665a295db9bd4ad7cbdd0daaae895c2d78cc94f3f8454f4c82ee1ba7873a59328792a2b678f2992593d5efd18def288715e382475b0ea173f9cc2cfc46
-
SSDEEP
12288:/KlNJFPYl+A++NSiI9BruKdSPXO9cD/f0QEUKEFumu9BHyc5TMS/2+ETc/FkbQIa:Z3IjuKmETt5C9TfI29OfEQ
Malware Config
Extracted
latentbot
hiendsystems.zapto.org
Targets
-
-
Target
a5cd5db8c411cf1c86428e074fd91a16_JaffaCakes118
-
Size
947KB
-
MD5
a5cd5db8c411cf1c86428e074fd91a16
-
SHA1
ead51e2404dda62c7a6f63d2b2157e028b7cc819
-
SHA256
deb3aebbeb728f10ebcc1936cd516633031557d1063ba5f1c22c9dfc5e6df0f5
-
SHA512
cb50d5665a295db9bd4ad7cbdd0daaae895c2d78cc94f3f8454f4c82ee1ba7873a59328792a2b678f2992593d5efd18def288715e382475b0ea173f9cc2cfc46
-
SSDEEP
12288:/KlNJFPYl+A++NSiI9BruKdSPXO9cD/f0QEUKEFumu9BHyc5TMS/2+ETc/FkbQIa:Z3IjuKmETt5C9TfI29OfEQ
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3