General
Target: cd0de78cf2625141205725cedd06dc2a_JaffaCakes118
Size: 208KB
Sample: 240831-sp6wxazhnj
MD5: cd0de78cf2625141205725cedd06dc2a
SHA1: 7404daf805d4b1eba206927e4e51e7e421ab0cf6
SHA256: 6affa799c75f50ca7dc480d4a7702d1f3dc58cb06f41d986a5ab29b60c954226
SHA512: 9a2482edaf9fe0909d73196a961c2f1a7b2c857021ef7a13ab1f35907f0b6bbc5ac9168e781e9bc18d18b2e3d38d68264335ae24bf88c6a4f3dcbcc94932dce9
SSDEEP: 3072:pbSWjlXLE4pnwYQD7kfFFOjDI9JyPwWlOzhal2Vh079ki1J:cWRbJ1wYo6FOfIGwHzYT9k0
Static task: static1
Behavioral task: behavioral1
  Sample: cd0de78cf2625141205725cedd06dc2a_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: cd0de78cf2625141205725cedd06dc2a_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted family: latentbot
Extracted host: spreadmybutter.zapto.org (zapto.org is a No-IP dynamic DNS domain, so the IP it resolved to during analysis is not a stable indicator; block and hunt on the hostname)
Targets
Target: cd0de78cf2625141205725cedd06dc2a_JaffaCakes118 (208KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (a value under a CurrentVersion\Run key, which Windows launches at logon)
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system, so a reimage of the Windows volume alone does not remove it; compare the first sector of the disk against a known-good copy.
- Suspicious use of SetThreadContext (rewriting another thread's context is typical of process hollowing and other code-injection techniques)
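The MBR signature is the one on this list that survives a rebuild of the OS, so it is worth knowing how to verify the sector by hand. The following is an added example, not code from the report or the sandbox: it parses a 512-byte MBR into bootstrap code, partition table and boot signature, and compares a captured sector against a known-good baseline. The two MBR images are constructed in the code (a single NTFS-type partition at LBA 2048 with placeholder bootstrap bytes) and are not taken from any real disk or from this sample.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 446            # bytes 0..445: bootstrap code the firmware executes
PART_TABLE_END = 510           # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its three regions and hash the code region."""
    if len(sector) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_END + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", sector[off:off + 16]
        )
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "signature_ok": sector[PART_TABLE_END:] == MBR_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Findings that distinguish the current MBR from a known-good baseline;
    an empty list means nothing changed."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("bootstrap code (bytes 0-445) modified")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table modified")
    return findings


def build_test_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for the demo: one bootable partition of type 0x07
    starting at LBA 2048. Not taken from any real disk."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 409600)
    return code + entry + b"\x00" * 48 + MBR_SIGNATURE


# Constructed baseline and a copy whose bootstrap code differs, which is what
# a bootkit overwrite looks like at this level (partition table left intact).
BASELINE_MBR = build_test_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_test_mbr(b"\xeb\x3c\x90\x42\x4f\x4f\x54\x4b")

if __name__ == "__main__":
    print("baseline vs baseline:", compare_mbr(BASELINE_MBR, BASELINE_MBR))
    print("baseline vs tampered:", compare_mbr(BASELINE_MBR, TAMPERED_MBR))
```

On a live host the current sector is the first 512 bytes of the raw disk device (`\\.\PhysicalDrive0` on Windows, `/dev/sda` or similar on Linux, both requiring administrator or root); the baseline should come from a clean image of the same build, since vendor bootstrap code differs between Windows versions and disk tools.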