General
-
Target
ad738fd7090dad85f0f26f85241d5d30_JaffaCakes118
-
Size
228KB
-
Sample
240820-ca4v1axhkc
-
MD5
ad738fd7090dad85f0f26f85241d5d30
-
SHA1
0e961159f115298734d4a4aaac756b0fd51faff5
-
SHA256
536cf5a0fb4cda7daf71c71a1ecc38489e9affff8c9082239379c2eec7768564
-
SHA512
7d2238fe8f3640e38981b15986a6e45e8465c471ec6f1a038a9dc21fffd21df3d5b051ab9c0b916b0ed7b306ce827b95dce8a5d398ae2076b344d02d7e0f88af
-
SSDEEP
3072:FQUO8l7IdJ0keY1TStZGE5DQiiKasOv9cbSpQe084n8ImJaSpBz6RifHx9qKu6:FQX8l7GbenZ/51iKZLje0848YwEROI
Malware Config
Extracted
latentbot
darcissuperleet.zapto.org
Targets
-
-
Target
ad738fd7090dad85f0f26f85241d5d30_JaffaCakes118
-
Size
228KB
-
MD5
ad738fd7090dad85f0f26f85241d5d30
-
SHA1
0e961159f115298734d4a4aaac756b0fd51faff5
-
SHA256
536cf5a0fb4cda7daf71c71a1ecc38489e9affff8c9082239379c2eec7768564
-
SHA512
7d2238fe8f3640e38981b15986a6e45e8465c471ec6f1a038a9dc21fffd21df3d5b051ab9c0b916b0ed7b306ce827b95dce8a5d398ae2076b344d02d7e0f88af
-
SSDEEP
3072:FQUO8l7IdJ0keY1TStZGE5DQiiKasOv9cbSpQe084n8ImJaSpBz6RifHx9qKu6:FQX8l7GbenZ/51iKZLje0848YwEROI
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1