General
-
Target
58ad655b70ab6de86b1c290c3d7273f2_JaffaCakes118
-
Size
485KB
-
Sample
241018-v4as5azalg
-
MD5
58ad655b70ab6de86b1c290c3d7273f2
-
SHA1
b8facdaf7f7dc0a72b000ddd14fff45856314808
-
SHA256
2b89e4ef4ff73447a28e22a878561d25f474c490509b83c1125cb9fd86ea0588
-
SHA512
b9145737a4e203fd3f7e0cee185ae76548e58c89c17c69de3a1f8ae679ae95e2735cf5d2b17997c62cb53d0ee64f25effa0859036be6b4abe60a1d3366bcfb12
-
SSDEEP
12288:eG+wyunrVMw3qcCNiLEgs2xzidCU+9Ge5:eG+wyun5KNiAn2xzvge5
Malware Config
Extracted
latentbot
anonymousrocks.zapto.org
Targets
-
-
Target
58ad655b70ab6de86b1c290c3d7273f2_JaffaCakes118
-
Size
485KB
-
MD5
58ad655b70ab6de86b1c290c3d7273f2
-
SHA1
b8facdaf7f7dc0a72b000ddd14fff45856314808
-
SHA256
2b89e4ef4ff73447a28e22a878561d25f474c490509b83c1125cb9fd86ea0588
-
SHA512
b9145737a4e203fd3f7e0cee185ae76548e58c89c17c69de3a1f8ae679ae95e2735cf5d2b17997c62cb53d0ee64f25effa0859036be6b4abe60a1d3366bcfb12
-
SSDEEP
12288:eG+wyunrVMw3qcCNiLEgs2xzidCU+9Ge5:eG+wyun5KNiAn2xzvge5
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1