Overview

overview

10

Static

static

3

East-Tec.A...RD.exe

windows7-x64

10

East-Tec.A...RD.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bab21327088052679ed9c5cd3e3cb158_JaffaCakes118

  • Size

    4.0MB

  • Sample

    240823-g6de5ssalq

  • MD5

    bab21327088052679ed9c5cd3e3cb158

  • SHA1

    d6abfbde8772cae4f08a322a1166884dc843990f

  • SHA256

    0f25a8ce2f00c07de25d33e5d60ca8aaacca78f79d737d258bdbf601fcd8c02b

  • SHA512

    6912a8e779a0dc9c010d1ae2190eb1c5570be93176f735eed911467d8012ffcfd146b8e4da1b9e0f028724a7da7b2d1fc3339760ded46157473f68aca302f712

  • SSDEEP

    12288:s6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75Li:snQkTf4d+INGxetl0GrBb/A6752

Score
10/10
latentbotdiscoveryevasiontrojan

Malware Config

Extracted

Family

latentbot

C2

patrickstar23.zapto.org

1patrickstar23.zapto.org

2patrickstar23.zapto.org

3patrickstar23.zapto.org

4patrickstar23.zapto.org

5patrickstar23.zapto.org

6patrickstar23.zapto.org

7patrickstar23.zapto.org

8patrickstar23.zapto.org

Targets

    • Target

      East-Tec.All.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.exe

    • Size

      4.0MB

    • MD5

      7390fb261650e9015a00c29c61ac3677

    • SHA1

      26ff56591d829d03c5968c2959631a13213ee505

    • SHA256

      f507b2877afe1b0b8b53a3ab4481a5c17610c9570b1f85132cedb52192922ff4

    • SHA512

      8f784b768d8052f037f0a1b243e083262fa1758e9c156009aa5b454a13da608c5a8ac2c9e45a567744d044973ccdddebcb8b3a69c44b8360e28575b82c429c52

    • SSDEEP

      12288:a6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75L:anQkTf4d+INGxetl0GrBb/A675

    Score
    10/10
    latentbotdiscoveryevasiontrojan

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Modifies firewall policy service

      evasion

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks