General
-
Target
7b8eadbefbc1988fa1dfe0d6876d247c_JaffaCakes118
-
Size
570KB
-
Sample
241029-dbne3s1map
-
MD5
7b8eadbefbc1988fa1dfe0d6876d247c
-
SHA1
9025e40010d18922ac04f9dedee6b583ea3989b5
-
SHA256
b61b3f03798cb336945bde53042925c5386d24f294c705e7bb7f9fd0e3314e9d
-
SHA512
daed23ac27cb57a8af6a8dfd8c8403fc8820962179b4b214bbd40bcaf9befc3743050838904af5fb273e5564c20f0ec55ef3c8e87e2ee69a782d5223bad5d895
-
SSDEEP
6144:L5dyaaaaaaaA1coh5lzrzEcaIZKFTNm7PGMRybaG03kJkkIIL13dHbf9kOmv9zE/:F61xzTJwuRyLPJPnxNH6v9ovUbX9G+jM
Malware Config
Extracted
latentbot
thesopranos.zapto.org
Targets
-
-
Target
7b8eadbefbc1988fa1dfe0d6876d247c_JaffaCakes118
-
Size
570KB
-
MD5
7b8eadbefbc1988fa1dfe0d6876d247c
-
SHA1
9025e40010d18922ac04f9dedee6b583ea3989b5
-
SHA256
b61b3f03798cb336945bde53042925c5386d24f294c705e7bb7f9fd0e3314e9d
-
SHA512
daed23ac27cb57a8af6a8dfd8c8403fc8820962179b4b214bbd40bcaf9befc3743050838904af5fb273e5564c20f0ec55ef3c8e87e2ee69a782d5223bad5d895
-
SSDEEP
6144:L5dyaaaaaaaA1coh5lzrzEcaIZKFTNm7PGMRybaG03kJkkIIL13dHbf9kOmv9zE/:F61xzTJwuRyLPJPnxNH6v9ovUbX9G+jM
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
6