Extracted

• • Target

    e046ed979c3400f4f5a36e3a3c5eff43_JaffaCakes118

  • Size

    1.4MB

  • MD5

    e046ed979c3400f4f5a36e3a3c5eff43

  • SHA1

    d20777feef71ff205c4c92727ca62078bd7baf5c

  • SHA256

    df9f111b89111e05b0405f4c5bc71464734833c2d60bb08f916eabe1960ccbd9

  • SHA512

    c789e8c9be221f0db3ac28d05a0e64f4111dceb5808a5356f044ce333331df14c41fd0145938effae1984397aead91c1affb403d38dec85dd9ad8c1c21e96359

  • SSDEEP

    24576:2ijhB3UGxxz1xtaA06oq1VqlrEWFtr1ju7VVBsAIuHfqGFcfNoI8eMnytgo0:5UGjpq6oqEb6BCuHfGfDNMk0

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2