Extracted

• • Target

    fbc87dc904ff343986d666a7cf0200bf_JaffaCakes118

  • Size

    498KB

  • MD5

    fbc87dc904ff343986d666a7cf0200bf

  • SHA1

    8dd6e63a894b96c5c49e4dcf3c4ff8354f36ac1c

  • SHA256

    897ae0e9125628c87a54bd0f6dc2404762369d84d7596ff30bb07ffa34cedeb0

  • SHA512

    3df0aa912799c773e35e0bca384397bb479e8ca878e0504cff6640e4723e1d91e99011941a91501e5c623778f8e3aca08810ce47573620c641fda0bffd2fff8c

  • SSDEEP

    6144:6aRjSA9AmP5OudPJ1xv6THAmuKMAYHCNR3KuljRzGS:1etw5JdPJ1xv6THAN3jiG4jRz

  Score

  10^/10

  latentbotdiscoveryevasionpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2