General
-
Target
e1ba68dcdc3611279166843f4f253882_JaffaCakes118
-
Size
790KB
-
Sample
240915-fdqpbswgkn
-
MD5
e1ba68dcdc3611279166843f4f253882
-
SHA1
1fe107e422972c86733522fd950b8125dbc02c57
-
SHA256
e4a17bbe3b2d562f2e7d45a3688bcb1616f6b70a97cc43c3fbf583cf0e3c7e60
-
SHA512
2aa7719e09e93ddf6dc9acaa3a177e93c61de8e21768771d5b72b331e1357b12c74ec22c3ed02c047c6885b82fcf3f01672168e555e049c7b446bc8a5a5bfd65
-
SSDEEP
12288:NQmBXaLOclmFrtiWAs1JT7haV3tuMEnIGR3IfXdMq5BHsU61EdFu:NQM2TmFZVn45tKIGRTuf6
Malware Config
Extracted
latentbot
nyandcompany.zapto.org
Targets
-
-
Target
e1ba68dcdc3611279166843f4f253882_JaffaCakes118
-
Size
790KB
-
MD5
e1ba68dcdc3611279166843f4f253882
-
SHA1
1fe107e422972c86733522fd950b8125dbc02c57
-
SHA256
e4a17bbe3b2d562f2e7d45a3688bcb1616f6b70a97cc43c3fbf583cf0e3c7e60
-
SHA512
2aa7719e09e93ddf6dc9acaa3a177e93c61de8e21768771d5b72b331e1357b12c74ec22c3ed02c047c6885b82fcf3f01672168e555e049c7b446bc8a5a5bfd65
-
SSDEEP
12288:NQmBXaLOclmFrtiWAs1JT7haV3tuMEnIGR3IfXdMq5BHsU61EdFu:NQM2TmFZVn45tKIGRTuf6
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3