General
-
Target
ee274296f6868f78e047723deba556b5_JaffaCakes118
-
Size
1.3MB
-
Sample
240920-wr7srszglm
-
MD5
ee274296f6868f78e047723deba556b5
-
SHA1
d1d5ba577aaa90e24b456fad7eef0b3098bc652b
-
SHA256
06df035231063d05a2ba203797dda9e0ba70ff165cbdf80e2bf37a18bddb4d09
-
SHA512
82c2c4c704fd9ce0cf26e3b8584f381a1344961fc8a606b771e87438a99fa1cb88eba0b8085e54ccf1f186c0a5ba132d8557da6e3e4bd9ec86f6aa75e5d955df
-
SSDEEP
12288:KcY6U21gU2vAw/eTlCtTM4mxuZGaIWZ04AzpjQb1GRQnYZb62eRHcbwbg71drN0K:oz21EXvrjdN2GLO2p
Malware Config
Extracted
latentbot
googlehound.zapto.org
Targets
-
-
Target
ee274296f6868f78e047723deba556b5_JaffaCakes118
-
Size
1.3MB
-
MD5
ee274296f6868f78e047723deba556b5
-
SHA1
d1d5ba577aaa90e24b456fad7eef0b3098bc652b
-
SHA256
06df035231063d05a2ba203797dda9e0ba70ff165cbdf80e2bf37a18bddb4d09
-
SHA512
82c2c4c704fd9ce0cf26e3b8584f381a1344961fc8a606b771e87438a99fa1cb88eba0b8085e54ccf1f186c0a5ba132d8557da6e3e4bd9ec86f6aa75e5d955df
-
SSDEEP
12288:KcY6U21gU2vAw/eTlCtTM4mxuZGaIWZ04AzpjQb1GRQnYZb62eRHcbwbg71drN0K:oz21EXvrjdN2GLO2p
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1