Extracted

• • Target

    0c40c211c3590ddb201bfe18ec7469eb_JaffaCakes118

  • Size

    244KB

  • MD5

    0c40c211c3590ddb201bfe18ec7469eb

  • SHA1

    489013921b258d0c3ac8b1be0b38147bee43ca16

  • SHA256

    b6e912d4001d1310d468d546ef729795434e94cb0b84e5969e486e6d53572753

  • SHA512

    75edd45f4cbc2da2c0053e91f1d6986ba6e193f7cfeaa10faffb72442c39770d40fd6f6ccbf2c9ff169b9a79566c2121bdcc27738dd544da8e151631548fb5a1

  • SSDEEP

    3072:vjj5NyBgBIFBCl9dCzx/KHnzJt+WhkPtHNMF50XBOgx3/QdtvMrN4kKlN:vhROBClXzpabxv0/k

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2