General

  • Target

    d34057aa229cdea2ed624ffffaba443f_JaffaCakes118

  • Size

    388KB

  • Sample

    240908-b2ppqaxcrm

  • MD5

    d34057aa229cdea2ed624ffffaba443f

  • SHA1

    864b7345d9932cbec3e9cff860d1d968fade8ab3

  • SHA256

    c05b20391b2a000fa21895dfd9308f599c2ba7e1341dcc689f3280a36b50f3d9

  • SHA512

    c139af2aa537b4839a5700c0aeaa8eed8953ec4e1605d5318c25c11bc256b4310b1a9ac4e1bb358fe69a8eb325994bcfb8007d944688a76fc4ff9fcc54d4cd3f

  • SSDEEP

    6144:WF0jTaOznFjm4YKdebVxBqGebpcu+kDfK11eHLVmCbjnF4F25qTG5fbJ:93RFfYqebVjqGQwkDSurZbjnF4F2im1

Malware Config

Extracted

Family

latentbot

C2

gniewkowiec0359.zapto.org

Targets

    • Target

      d34057aa229cdea2ed624ffffaba443f_JaffaCakes118

    • Size

      388KB

    • MD5

      d34057aa229cdea2ed624ffffaba443f

    • SHA1

      864b7345d9932cbec3e9cff860d1d968fade8ab3

    • SHA256

      c05b20391b2a000fa21895dfd9308f599c2ba7e1341dcc689f3280a36b50f3d9

    • SHA512

      c139af2aa537b4839a5700c0aeaa8eed8953ec4e1605d5318c25c11bc256b4310b1a9ac4e1bb358fe69a8eb325994bcfb8007d944688a76fc4ff9fcc54d4cd3f

    • SSDEEP

      6144:WF0jTaOznFjm4YKdebVxBqGebpcu+kDfK11eHLVmCbjnF4F25qTG5fbJ:93RFfYqebVjqGQwkDSurZbjnF4F2im1

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks