General
Target: 2067b75b5ac5556edf93a73f823de62d_JaffaCakes118
Size: 361KB
Sample: 241008-jnmbfawelp
MD5: 2067b75b5ac5556edf93a73f823de62d
SHA1: 396d29cef6436749d085f1ea5bb07e7ec2519f33
SHA256: 64db678c6e62b68e9bc108d4fadcffc7c3ce14af7f17edbed289d7a78589e884
SHA512: 2507e2b977c73ab80d44b29e2f2ca0651c2a17afe0ed0f0eb9eb42354be3b01b118b60ab4677b86261270970a968b7e68afe2754ae132f4b456cfa2821fef21d
SSDEEP: 6144:5dYGe6dn2u9DYzZz0FzisEu9pKEJS4iLqxkEn2EMIyAneC9emGNR35x3sakM7N2k:5OGLp2u9DOV0FziszpKEw40q2e3NyvOA
Static task: static1
Behavioral task: behavioral1
  Sample: 2067b75b5ac5556edf93a73f823de62d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2067b75b5ac5556edf93a73f823de62d_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
  Family: latentbot
  essstzttztz.zapto.org
Targets
Target: 2067b75b5ac5556edf93a73f823de62d_JaffaCakes118
Size: 361KB
MD5: 2067b75b5ac5556edf93a73f823de62d
SHA1: 396d29cef6436749d085f1ea5bb07e7ec2519f33
SHA256: 64db678c6e62b68e9bc108d4fadcffc7c3ce14af7f17edbed289d7a78589e884
SHA512: 2507e2b977c73ab80d44b29e2f2ca0651c2a17afe0ed0f0eb9eb42354be3b01b118b60ab4677b86261270970a968b7e68afe2754ae132f4b456cfa2821fef21d
SSDEEP: 6144:5dYGe6dn2u9DYzZz0FzisEu9pKEJS4iLqxkEn2EMIyAneC9emGNR35x3sakM7N2k:5OGLp2u9DOV0FziszpKEw40q2e3NyvOA
Score: 10/10
Signatures
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)