Extracted

• • Target

    add8ebb383807d7e431faafe2da773b3_JaffaCakes118

  • Size

    1.4MB

  • MD5

    add8ebb383807d7e431faafe2da773b3

  • SHA1

    376f5de6cad69ea402ad58969db2f84e3082424d

  • SHA256

    139ed3f3a98268032044afbc1fb173cdd356200610419756b0741ea45aa88729

  • SHA512

    6e11ec31a74060882606eeb408c1f631c6611fe45b93b8ba14714284940cbbbd4d66a0961158eb8b79115ef513e15d334b21275ea48c4ff78b31fa5387254d0e

  • SSDEEP

    24576:MijhB3UGxxz1xtaA06oq1VqlrEWFtr1ju7VVBsAIuHfqGFcfNoI8eMzbpuOWmQdK:3UGjpq6oqEb6BCuHfGfDNMzqHYv

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2