General

  • Target

    ad738fd7090dad85f0f26f85241d5d30_JaffaCakes118

  • Size

    228KB

  • Sample

    240820-ca4v1axhkc

  • MD5

    ad738fd7090dad85f0f26f85241d5d30

  • SHA1

    0e961159f115298734d4a4aaac756b0fd51faff5

  • SHA256

    536cf5a0fb4cda7daf71c71a1ecc38489e9affff8c9082239379c2eec7768564

  • SHA512

    7d2238fe8f3640e38981b15986a6e45e8465c471ec6f1a038a9dc21fffd21df3d5b051ab9c0b916b0ed7b306ce827b95dce8a5d398ae2076b344d02d7e0f88af

  • SSDEEP

    3072:FQUO8l7IdJ0keY1TStZGE5DQiiKasOv9cbSpQe084n8ImJaSpBz6RifHx9qKu6:FQX8l7GbenZ/51iKZLje0848YwEROI

Malware Config

Extracted

Family

latentbot

C2

darcissuperleet.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

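The signatures above name the places this sample touches for persistence and defense evasion: Active Setup, the Run and policy Run keys, and the firewall policy store. The PowerShell below is an added triage example and is not code from the sandbox report or from LatentBot; it enumerates those locations read-only on a suspect host and checks the local DNS cache for the reported C2 host without resolving it. The SharedAccess FirewallPolicy registry paths are an assumption about what the "Modifies firewall policy service" signature refers to; the exact values the sample writes are not on this page.

```powershell
# Added example, not code from the sandbox report or from the LatentBot sample.
# Read-only enumeration of the persistence and defense-evasion locations named by
# the report's signatures. Run in an elevated PowerShell on the suspect host.

$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-SampleHash {
    param([Parameter(Mandatory)][string]$Path)
    # SHA256 of the analysed file, taken from the report's General section.
    $expected = '536cf5a0fb4cda7daf71c71a1ecc38489e9affff8c9082239379c2eec7768564'
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower() -eq $expected
}

function Get-ActiveSetupCandidates {
    # Active Setup: at interactive logon Windows runs StubPath for every HKLM
    # component that is missing under HKCU or carries a different Version there,
    # unless IsInstalled is 0. A fresh HKLM entry therefore fires for each user
    # who logs on next. (Version comparison is simplified to inequality here.)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    $userRoot = 'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            if (-not $props.StubPath -or $props.IsInstalled -eq 0) { return }
            $user = Get-ItemProperty -Path (Join-Path $userRoot $_.PSChildName) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Component      = $_.PSChildName
                StubPath       = $props.StubPath
                Version        = $props.Version
                WillRunAtLogon = ($null -eq $user) -or ($user.Version -ne $props.Version)
            }
        }
    }
}

function Get-RunKeyEntries {
    # Standard Run/RunOnce keys plus the Explorer policy Run key that the
    # "Adds policy Run key" signature refers to.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path -Path $p)) { continue }
        $item = Get-ItemProperty -Path $p
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -in $PsMeta) { continue }
            [pscustomobject]@{ Key = $p; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

function Get-FirewallPolicyState {
    # Assumption for this example: the "Modifies firewall policy service" signature
    # refers to writes under the SharedAccess FirewallPolicy store (per-profile
    # EnableFirewall flag and the legacy authorized-applications list).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $p = Join-Path $base $prof
        if (-not (Test-Path -Path $p)) { continue }
        $enabled = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).EnableFirewall
        $listKey = Join-Path $p 'AuthorizedApplications\List'
        $apps = @()
        if (Test-Path -Path $listKey) {
            $apps = (Get-ItemProperty -Path $listKey).PSObject.Properties |
                Where-Object { $_.Name -notin $PsMeta } | ForEach-Object { $_.Value }
        }
        [pscustomobject]@{ Profile = $prof; EnableFirewall = $enabled; AuthorizedApps = $apps }
    }
}

function Find-C2InDnsCache {
    param([string]$Domain = 'darcissuperleet.zapto.org')   # C2 host from the report
    # Search the local resolver cache only; never resolve the name yourself,
    # that would send traffic to attacker infrastructure.
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like "*$Domain*" -or $_.Name -like "*$Domain*" }
}

# Usage on a suspect host:
Get-ActiveSetupCandidates | Where-Object WillRunAtLogon | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table -AutoSize
Get-FirewallPolicyState | Format-List
Find-C2InDnsCache | Format-Table Entry, Type, Data -AutoSize
```

Active Setup entries that report WillRunAtLogon are the ones that will still execute for any user who has not logged on since the key was written, so clear the HKLM entry (not just the HKCU copy) when remediating. A hit in the DNS cache is corroborating evidence only; confirm with DNS server or proxy logs, since the cache is short-lived.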
MITRE ATT&CK Enterprise v15
