General

  • Target

    418c7dcc38bc4856f00a6e0067774ec4_JaffaCakes118

  • Size

    115KB

  • Sample

    241013-xpzj2ssglb

  • MD5

    418c7dcc38bc4856f00a6e0067774ec4

  • SHA1

    95b6baecca24bcfc2a366230cd6b7597361b5f73

  • SHA256

    16ca6ef3a3dafa34c5fa0c1ac6db90d7f3744277dacec41ac100f46f35d59674

  • SHA512

    75edb83a575545dc326d38d12249740fb5e2fc2d184d4707deda5eaf5e35805a43b3baf6fa9740230e6e1ac27df0d6583a315f025d9054f25195baf5129d58da

  • SSDEEP

    3072:b0kW3A7V8ET+Bd341KDvq7UPIPuROerYORIkFyLdKr:zTCEqH3UKDC7U+uBrYOKM/r

Malware Config

Extracted

Family

latentbot

C2

bethwithsdaltonlaw.zapto.org

Targets

    • Target

      418c7dcc38bc4856f00a6e0067774ec4_JaffaCakes118


    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
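
The three behavioural signatures above (country-code lookup, Run-key persistence, contact with the extracted C2 host) can be replayed as detection rules over an API trace. The block below is an added example and is not code from the sandbox or from the report's author; the trace line format ("api|registry_key_or_hostname|value_name_or_data"), the API names, and the sample trace lines are assumptions made for this example. The registry paths it watches are real Windows locale locations, but the report does not say which one the sample reads.

```python
"""Replay the behaviours this report attributes to the sample over a constructed
Windows API trace. Added example, not code from the sandbox or the report's
author. The trace line format ("api|registry_key_or_hostname|value_name_or_data")
is an assumption made for this example."""
import re
from dataclasses import dataclass

# Registry values Windows uses for the configured country / locale. The paths
# are real Windows locations; which of them the sample reads is not stated in
# the report, so watching all of them is an assumption.
COUNTRY_VALUES = {
    (r"hkey_current_user\control panel\international", "scountry"),
    (r"hkey_current_user\control panel\international", "icountry"),
    (r"hkey_current_user\control panel\international", "localename"),
    (r"hkey_local_machine\system\currentcontrolset\control\nls\language",
     "installlanguage"),
}
# Autostart keys behind the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.IGNORECASE)
# C2 hostname from the extracted config above.
C2_HOSTS = {"bethwithsdaltonlaw.zapto.org"}
# Name-resolution APIs (assumed spelling in the trace; matched case-insensitively).
RESOLVER_APIS = {"getaddrinfo", "getaddrinfow", "gethostbyname",
                 "dnsquery_a", "dnsquery_w"}


@dataclass(frozen=True)
class Finding:
    rule: str      # report signature the event corresponds to
    evidence: str  # the trace line that triggered it


def parse_line(line):
    """Split 'api|target|value' into three stripped fields; None if malformed."""
    parts = line.rstrip("\n").split("|", 2)
    if len(parts) != 3:
        return None
    return tuple(p.strip() for p in parts)


def classify(trace):
    """Return one Finding per trace line that matches a signature, in trace order."""
    findings = []
    for line in trace:
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate junk lines rather than abort the whole triage
        api, target, value = rec
        api_l, key, name = api.lower(), target.lower(), value.lower()
        if api_l.startswith("regqueryvalueex") and (key, name) in COUNTRY_VALUES:
            findings.append(Finding("checks_computer_location", line))
        elif api_l.startswith("regsetvalueex") and RUN_KEY_RE.search(key):
            findings.append(Finding("adds_run_key", line))
        elif api_l in RESOLVER_APIS and key in C2_HOSTS:
            findings.append(Finding("c2_dns_lookup", line))
    return findings


def rules_hit(trace):
    """Distinct signature names matched, in first-seen order."""
    return list(dict.fromkeys(f.rule for f in classify(trace)))


# Constructed trace; not output from any real run of the sample.
SAMPLE_TRACE = [
    r"RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International|sCountry",
    r"RegQueryValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState",
    r"RegSetValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Updater=C:\Users\victim\AppData\Roaming\svc.exe",
    r"getaddrinfo|bethwithsdaltonlaw.zapto.org|",
    r"getaddrinfo|www.microsoft.com|",
    "line with no separators",
]

if __name__ == "__main__":
    for f in classify(SAMPLE_TRACE):
        print(f"{f.rule:26} {f.evidence}")
```

The locale read on its own is a weak signal (installers and localisation code read the same values), which is why the report only calls it "likely" a geofence; the Run-key write and the resolution of the extracted C2 hostname carry the weight of the verdict. zapto.org is a dynamic DNS domain, so the resolved address can change between runs: alert and block on the hostname, not on whatever IP the sandbox observed.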
