General
-
Target
d43fbba6a176daafe06eb6ec9a01a1ee_JaffaCakes118
-
Size
688KB
-
Sample
240908-njgbvawalb
-
MD5
d43fbba6a176daafe06eb6ec9a01a1ee
-
SHA1
cf53f1b209e75e7cfe46b598c9e272944bb2a8a6
-
SHA256
e83c84a4145f73e0164cd3f428f5b47b2fb29b650cb0ca94a6aa591c1525920e
-
SHA512
ebbd8e0510394bef486a26a184dcf7ad742cb0b958e5a9cb73c741937a672891faa136ad76cfa19d8ccd18f8282604775c47af15ee2e48395e38e3bd56b041a4
-
SSDEEP
12288:ro2VOCmcf8yyzTz+jHr8BaqO40uTU7VQk2vXaNrpMbHJc8:kD7+jLCe7yk2vXLzb
Malware Config
Extracted
latentbot
1juliagaetz.zapto.org
2juliagaetz.zapto.org
3juliagaetz.zapto.org
4juliagaetz.zapto.org
5juliagaetz.zapto.org
6juliagaetz.zapto.org
7juliagaetz.zapto.org
8juliagaetz.zapto.org
Targets
-
-
Target
d43fbba6a176daafe06eb6ec9a01a1ee_JaffaCakes118
-
Size
688KB
-
MD5
d43fbba6a176daafe06eb6ec9a01a1ee
-
SHA1
cf53f1b209e75e7cfe46b598c9e272944bb2a8a6
-
SHA256
e83c84a4145f73e0164cd3f428f5b47b2fb29b650cb0ca94a6aa591c1525920e
-
SHA512
ebbd8e0510394bef486a26a184dcf7ad742cb0b958e5a9cb73c741937a672891faa136ad76cfa19d8ccd18f8282604775c47af15ee2e48395e38e3bd56b041a4
-
SSDEEP
12288:ro2VOCmcf8yyzTz+jHr8BaqO40uTU7VQk2vXaNrpMbHJc8:kD7+jLCe7yk2vXLzb
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1