General

Target: c320c558a90c42a9c570dc2455780acf_JaffaCakes118
Size: 573KB
Sample: 240826-q4xwfawhqa
MD5: c320c558a90c42a9c570dc2455780acf
SHA1: 7613cfd2cc7ba8e63db2c922abd6106ef19bba5d
SHA256: 662ea90b2fb0a9be4630a36eb54a25f95de350ecdd29c1b12f4ecc1c7469bd93
SHA512: a7d4897401a06c4b119a23a6af52ea76193b3a3ab2c9002357e6af584358b82a36b7757f24e39922212fd23a2e4c27999586e78d8b5f014eb0ef1d790df0374d
SSDEEP: 12288:io4764ic07rICLkro9HnDG91RTmjd0EnSlGZ:ioU8XICVMmj5SgZ
Static task
- static1

Behavioral task
- behavioral1
  Sample: c320c558a90c42a9c570dc2455780acf_JaffaCakes118.exe
  Resource: win7-20240705-en

Behavioral task
- behavioral2
  Sample: c320c558a90c42a9c570dc2455780acf_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted
- Family: latentbot
- C2 hosts:
  gfaghrtehxvdfsqaj.zapto.org
  1gfaghrtehxvdfsqaj.zapto.org
  2gfaghrtehxvdfsqaj.zapto.org
  3gfaghrtehxvdfsqaj.zapto.org
  4gfaghrtehxvdfsqaj.zapto.org
  5gfaghrtehxvdfsqaj.zapto.org
  6gfaghrtehxvdfsqaj.zapto.org
  7gfaghrtehxvdfsqaj.zapto.org
  8gfaghrtehxvdfsqaj.zapto.org
Targets

Target: c320c558a90c42a9c570dc2455780acf_JaffaCakes118
Size: 573KB
MD5: c320c558a90c42a9c570dc2455780acf
SHA1: 7613cfd2cc7ba8e63db2c922abd6106ef19bba5d
SHA256: 662ea90b2fb0a9be4630a36eb54a25f95de350ecdd29c1b12f4ecc1c7469bd93
SHA512: a7d4897401a06c4b119a23a6af52ea76193b3a3ab2c9002357e6af584358b82a36b7757f24e39922212fd23a2e4c27999586e78d8b5f014eb0ef1d790df0374d
SSDEEP: 12288:io4764ic07rICLkro9HnDG91RTmjd0EnSlGZ:ioU8XICVMmj5SgZ
Score: 10/10

Signatures
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)