Extracted

• • Target

    7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118

  • Size

    155KB

  • MD5

    7b824e5d964fc615c9d499d3df4cb7fa

  • SHA1

    ffa0e0b22ba2a76473cb07a7d2e2b8e5559a49c5

  • SHA256

    eec58cff377da4fe37b2338f82921d19f157aa88fd7cbe547ae51e75d690121f

  • SHA512

    4a87db8f9d0fdc9d556b9470f900328b5565fe771aee2152ce73d7aaffa4fb71da0f51d96dd3d5b51898277b04c5ce879b99dc84be57f6c0330816c11a00d8c1

  • SSDEEP

    3072:6BQAX4A71Gx3nr5aI+xk4UytHGyqXD0n8HbB3:6zGVnr5X+bHiXgns

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2