Overview

overview

10

Static

static

5

3cf91b6cf1...18.exe

windows7-x64

10

3cf91b6cf1...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3cf91b6cf1dd24a262ee65a66067dac9_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241013-bfpsla1dkf

  • MD5

    3cf91b6cf1dd24a262ee65a66067dac9

  • SHA1

    02b32bb0460c10b4050c2e97592a5c8971729935

  • SHA256

    68a93828ffbba9ddc3a7a493c909b212af0c2184ab2a96040a13b88e1ea2be8a

  • SHA512

    ad839c6718203f8694004450c758f7a14a38da8cb5996d034997c4f55cea947cd94fbfa3265e261625263e527658bd47948d462d630fec890e96704fb325b3c2

  • SSDEEP

    24576:kRmJkcoQricOIQxiZY1WNi/NvDAFE7EMuoKqgvWNEWixOgwDwRaYO:hJZoQrbTFZY1WNiZEW7EMbwvjdLwDw8X

Score
10/10
latentbotdiscoveryevasiontrojan

Malware Config

Extracted

Family

latentbot

C2

afflictionrat2.zapto.org

1afflictionrat2.zapto.org

2afflictionrat2.zapto.org

3afflictionrat2.zapto.org

4afflictionrat2.zapto.org

5afflictionrat2.zapto.org

6afflictionrat2.zapto.org

7afflictionrat2.zapto.org

8afflictionrat2.zapto.org

Targets

    • Target

      3cf91b6cf1dd24a262ee65a66067dac9_JaffaCakes118

    • Size

      1.2MB

    • MD5

      3cf91b6cf1dd24a262ee65a66067dac9

    • SHA1

      02b32bb0460c10b4050c2e97592a5c8971729935

    • SHA256

      68a93828ffbba9ddc3a7a493c909b212af0c2184ab2a96040a13b88e1ea2be8a

    • SHA512

      ad839c6718203f8694004450c758f7a14a38da8cb5996d034997c4f55cea947cd94fbfa3265e261625263e527658bd47948d462d630fec890e96704fb325b3c2

    • SSDEEP

      24576:kRmJkcoQricOIQxiZY1WNi/NvDAFE7EMuoKqgvWNEWixOgwDwRaYO:hJZoQrbTFZY1WNiZEW7EMbwvjdLwDw8X

    Score
    10/10
    latentbotdiscoveryevasiontrojan

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Modifies firewall policy service

      evasion

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks