General
-
Target
0ffad55d5e663fb3e79d4adee5536d59_JaffaCakes118
-
Size
660KB
-
Sample
241003-wkwf6ayekk
-
MD5
0ffad55d5e663fb3e79d4adee5536d59
-
SHA1
57aeec3b9aff5720be14319794352d23dee6fd27
-
SHA256
101d94163010b36353461ca833ca44154d23f4fe33f3e14c12cc42e681137a51
-
SHA512
d896e756eea08bac3252d664ae640c459b9bb964aee6a3ae61578ab3455480e46c3afe49470161c98c6f2060275a84aa62edbcc4180ac215e313c41d8abe0245
-
SSDEEP
12288:S5cgSKYTTJ/rq1mwlafNr5XjgCqemTuSZpKdaAL1:SWQAT9OMwlafF5TgCmTNZsdf
Malware Config
Extracted
latentbot
corbyshitnig.zapto.org
Targets
-
-
Target
0ffad55d5e663fb3e79d4adee5536d59_JaffaCakes118
-
Size
660KB
-
MD5
0ffad55d5e663fb3e79d4adee5536d59
-
SHA1
57aeec3b9aff5720be14319794352d23dee6fd27
-
SHA256
101d94163010b36353461ca833ca44154d23f4fe33f3e14c12cc42e681137a51
-
SHA512
d896e756eea08bac3252d664ae640c459b9bb964aee6a3ae61578ab3455480e46c3afe49470161c98c6f2060275a84aa62edbcc4180ac215e313c41d8abe0245
-
SSDEEP
12288:S5cgSKYTTJ/rq1mwlafNr5XjgCqemTuSZpKdaAL1:SWQAT9OMwlafF5TgCmTNZsdf
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-