General

  • Target

    ee274296f6868f78e047723deba556b5_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240920-wr7srszglm

  • MD5

    ee274296f6868f78e047723deba556b5

  • SHA1

    d1d5ba577aaa90e24b456fad7eef0b3098bc652b

  • SHA256

    06df035231063d05a2ba203797dda9e0ba70ff165cbdf80e2bf37a18bddb4d09

  • SHA512

    82c2c4c704fd9ce0cf26e3b8584f381a1344961fc8a606b771e87438a99fa1cb88eba0b8085e54ccf1f186c0a5ba132d8557da6e3e4bd9ec86f6aa75e5d955df

  • SSDEEP

    12288:KcY6U21gU2vAw/eTlCtTM4mxuZGaIWZ04AzpjQb1GRQnYZb62eRHcbwbg71drN0K:oz21EXvrjdN2GLO2p

Malware Config

Extracted

Family

latentbot

C2

googlehound.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
