General

  • Target

    e912f3304ad024cd5f372e9841dca40e_JaffaCakes118

  • Size

    302KB

  • Sample

    240918-n8ngfszbmb

  • MD5

    e912f3304ad024cd5f372e9841dca40e

  • SHA1

    6143abd6ae53f88316c3c8b6b8e0a276b350caba

  • SHA256

    25b9faa0e98219baa584af25043ae37184dc2ab41e30da04f54e0afde2d55c59

  • SHA512

    b02724ff3663ca5aa3c7dba9745b04da6123dd7b21e6992a7739f0d8d552e85b116afc54b5fc3d757a821111d63886750f2c32087f657251a4cf54110cd93888

  • SSDEEP

    6144:Aa5jVb60xGvzi4h9XyVyeyD4OQPC4i6mjdee7gkXwztrgUffoS9j:A4jVb60V4CyyPYjdP7gkgzpgUXoS

Malware Config

Extracted

Family

latentbot

C2

pertenemene.zapto.org

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
