Extracted

• • Target

    7b12eb8cdd3411a8c3bf8149d637ace2_JaffaCakes118

  • Size

    627KB

  • MD5

    7b12eb8cdd3411a8c3bf8149d637ace2

  • SHA1

    c2c9ad099e981004e9b9579445f80ca1a159cbdf

  • SHA256

    d12234226c190e7deedec269690eae0ae6984f71dfa8a1c1b5524a8d0ff96675

  • SHA512

    164eaed06fa08c58466ed696f7a58b8618215e0e28c3d810b9b26c0f45b3b7ef0067639e550c8183d1024ea3aac4568d4c65498ea1a313d5c2e1b1b8c3c3a07c

  • SSDEEP

    12288:AS0pJr8GnPrNzJwaIZAOYeKoeZOwg7cHbZ+Bky7wYu04xz40q:qMGzUA7eHeTgGF+ia+xz40q

  Score

  10^/10

  adwindlatentbotpersistencetrojan

  • AdWind

    A Java-based RAT family operated as malware-as-a-service.

    trojanadwind

  • Adwind family

    adwind

  • Class file contains resources related to AdWind

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2