Extracted

• • Target

    d7d08ed39ce4be4f1e81935b6179b778_JaffaCakes118

  • Size

    487KB

  • MD5

    d7d08ed39ce4be4f1e81935b6179b778

  • SHA1

    d438c36c017a5e87cf6bed06a13010b20abd0791

  • SHA256

    b6a9949600d6f1e9abda3e6d9681c1b48c160a3539bb01976525938e43f7d4eb

  • SHA512

    fb3491365eaf582926d11e37cd1864e5f5b49df2db4d787a056a649c09b935e702941903b889e7e7cfe54bbd765786add8f4411a8f3e1c0de72709b2a54c5253

  • SSDEEP

    12288:+Q1uizxvviXb2qEBT0l8xZBafYVbn4c+w:+Q1vdybwBYqZBRh4c

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2