General
Target: 88ff7f6d554b21bfca8145796f779da0_JaffaCakes118
Size: 781KB
Sample: 241103-b14ggs1jev
MD5: 88ff7f6d554b21bfca8145796f779da0
SHA1: a28b1964e02dfebb3fbacd566c04b8cc4c808db2
SHA256: 839937b17343a4d77d15b88d2acfa5a56a51a1cbe06c94cbd8925b2237f4c615
SHA512: 22eb17829d054c8755996eb6ffa120aee872c203127dce5330efb131823ee33268d8df08884229b4f21f10f4c7bd426ba70826be1ee7392762ce2fd722ab2431
SSDEEP: 24576:jE+fq88Ym9oDzXy3dyC9I1kwxjXDD8fWI:9R9W3LqPxzBI
Static task: static1
Behavioral task: behavioral1
  Sample: 88ff7f6d554b21bfca8145796f779da0_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 88ff7f6d554b21bfca8145796f779da0_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: latentbot
C2 hosts: extracted from the sample configuration (list omitted)
Targets
Target: 88ff7f6d554b21bfca8145796f779da0_JaffaCakes118
Size: 781KB
Score: 10/10
Signatures:
- Latentbot family
- Modifies firewall policy service
- Drops file in Drivers directory
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (3)