General
Target: 7586067e341cf0fafded772d42ea9d09_JaffaCakes118
Size: 200KB
Sample: 241025-a27d4azckc
MD5: 7586067e341cf0fafded772d42ea9d09
SHA1: 594a7d6f5b0d77accf17da8fe0e072db9abacf29
SHA256: 5da5c8a8bbf7c7a9ad86e2094dc12c20c0af40f4655420e01929d3ef1d3f3c59
SHA512: 263909e380e7cf644485d9df0e38ed443d2f3cf0ce42711879b737596cf9e852256267f08dace2737724d5818c688860ae38715b31cbabd675e820af29b2530f
SSDEEP: 3072:YQTFakoHWdTWUuhq5C0TFk/UXgWNgYkkDxCDnn8/gcX7yyra9ne8:PFWHWdOhmC0JTXpR9CD849Aox
Static task: static1
Behavioral task: behavioral1
Sample: 7586067e341cf0fafded772d42ea9d09_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config
Extracted
latentbot
skyrank1029.zapto.org
Targets
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)