Extracted

• • Target

    b5aaf5bae3509ba41238ad6a8ce20e07_JaffaCakes118

  • Size

    468KB

  • MD5

    b5aaf5bae3509ba41238ad6a8ce20e07

  • SHA1

    261108aa7e0b31d07e3dbae790d075e9d54af978

  • SHA256

    61caf5f918b70043fdcf6e429dcf8ed0e03b415ba5739482be7c5b256c95eea7

  • SHA512

    2683df735e89e96e0174fbce7b92645456c86b2439e451dde201c5e770f590e03dda9def6a9625a716fd2b0bfe32768587ed367f568dcac24deffff2c9b9bffb

  • SSDEEP

    12288:SAxlgw0lI4HYcplX87WLUrQVuj2KoOV2fbzZ7fGPw8SwF6:khlIaUzrQ4j2KoOVib97+I8SwF6

  Score

  10^/10

  latentbotdiscoveryevasionpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies firewall policy service

    evasion

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2