General

  • Target

    aaa99b4243785f3f874177200a53d2cb_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240819-mmxbssyhke

  • MD5

    aaa99b4243785f3f874177200a53d2cb

  • SHA1

    20e07b3e62060c294f02d3f93ec703eb0b8e385d

  • SHA256

    78bc319cd75789275f596f4ea94fdc32177107ecb488021426834b48703daf97

  • SHA512

    4409caad70c92e9b3b68c4d402d7f7b00f14b3f32b3021a226906ee90f390654a7b517f48b3fb2e6a96853a01854b4a60093877ce5662d6bcf5fd2e004678566

  • SSDEEP

    24576:l+i2GEBR+w0nGTkC29Tbk+AjWSWgHF0ZBR0v69d0LxvfXsHiDje0dfnMHMekfiLK:lUGEBRAokQ+SWKOX9I3XsHMesfMH1Pvq

Malware Config

Extracted

Family

latentbot

C2

yeniceriler.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
