Extracted

• • Target

    ed92ca0dc781fcdcc8813d388f88edcd_JaffaCakes118

  • Size

    1.7MB

  • MD5

    ed92ca0dc781fcdcc8813d388f88edcd

  • SHA1

    95ab1962176590c1adb96a99efba73daf8898844

  • SHA256

    fbe8d9d84fa140c7e9e9f04330342bc3c636d3f3a3c7d6bc1364e8b89198d2db

  • SHA512

    864dd4c58b9e6b78ef648e2ccb54d1c7e06ebb3c3cd2c8f784d6cb3ba43fb1e06c1d1de030c466e506c1abb2bc65929bf29eb3067c55f33a2de56f3ac8479a18

  • SSDEEP

    24576:XijhB3UGxxz1xtaA06oq1VqlrEWFtr1ju7VVBsAIuHfqGFcfNoI8eMEYppvtQd6c:4UGjpq6oqEb6BCuHfGfDNMjq0K

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2