General

  • Target

    ebaab581b2ee931e2c37f264f9540d41_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240919-s89rxaxckn

  • MD5

    ebaab581b2ee931e2c37f264f9540d41

  • SHA1

    51de89950ec1db8764c8f9d5fe7a3565036ccc59

  • SHA256

    e672d726f213a8cef50e54c695ec080202a1ce5d6242cb43f2cf1e8bcbd4c9bf

  • SHA512

    1eb0c1426f9eefb6837e5a6fdf77ae4f98e7fc383897ed8e25ddcced31c33f9b3e2314818bf060b9473c770e6b6f57f7fd52dedf94abf2e227f8a8b375ebcd88

  • SSDEEP

    24576:VmS5XmqepapmqRsyYtrWmQ3+7oUVj1Ku7WOU3L5fmaw:Vp+ymXsmGuqrQaw

Malware Config

  • Extracted

    Family: latentbot

    C2: yeniceriler.zapto.org

Targets

    • Target

      ebaab581b2ee931e2c37f264f9540d41_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15