General
-
Target
4f79393fa14bd527e002d8a34ce16031_JaffaCakes118
-
Size
624KB
-
Sample
241016-2wzwls1elj
-
MD5
4f79393fa14bd527e002d8a34ce16031
-
SHA1
892028fdade39ca1d0327d29aa707c9fc151465c
-
SHA256
09c0751f5988eb31fd0ad9b609b190ab2c53179a9883ec49c1eacf6bb243e337
-
SHA512
fd7479ab31a88bc3d3c9d6c9e9f5475751e2793dcbe4784e41a6b4eefc35ab755700489889895e189fe1f3c77413f47a9b1ec96e3af3c0999fd9ba8deba8f104
-
SSDEEP
12288:lOGLp2u9D8Px0Z75XejJnDuqXCwmLapqlvdWHM4xca7ZWArfRdaNF0f720Mj6MqV:6K8E79ejF9ywmLap0FoM4xiArfGN6f7r
Malware Config
Extracted
latentbot
essstzttztz.zapto.org
Targets
-
-
Target
4f79393fa14bd527e002d8a34ce16031_JaffaCakes118
-
Size
624KB
-
MD5
4f79393fa14bd527e002d8a34ce16031
-
SHA1
892028fdade39ca1d0327d29aa707c9fc151465c
-
SHA256
09c0751f5988eb31fd0ad9b609b190ab2c53179a9883ec49c1eacf6bb243e337
-
SHA512
fd7479ab31a88bc3d3c9d6c9e9f5475751e2793dcbe4784e41a6b4eefc35ab755700489889895e189fe1f3c77413f47a9b1ec96e3af3c0999fd9ba8deba8f104
-
SSDEEP
12288:lOGLp2u9D8Px0Z75XejJnDuqXCwmLapqlvdWHM4xca7ZWArfRdaNF0f720Mj6MqV:6K8E79ejF9ywmLap0FoM4xiArfGN6f7r
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1