General
-
Target
8bf99f84ca8bdf4b521547a4e45d8ccd_JaffaCakes118
-
Size
121KB
-
Sample
241103-rzlhaayrap
-
MD5
8bf99f84ca8bdf4b521547a4e45d8ccd
-
SHA1
e2f19bb37a8453b8dd9d08d3266e0f4d4494893c
-
SHA256
7d65930404b0b4f15291303d8effcc899bb7fef9341b371d0a89756c8a8d1b82
-
SHA512
36aded5134c71ec0bc0a3af89daf6dc69e380cad79aea912be2a056b6ba376644a604c7c3f5301cdf0d6d55337759559666be14fe2fa9019f328b302f13d1af1
-
SSDEEP
3072:BhwGr86LUEkIT2Ioi1HupRCZ8Ij26QTu7wsRQ/ustd6gHIkRO6j5ukM:ZuZIfbh7hZk0
Malware Config
Extracted
latentbot
privatehost.zapto.org
Targets
-
-
Target
8bf99f84ca8bdf4b521547a4e45d8ccd_JaffaCakes118
-
Size
121KB
-
MD5
8bf99f84ca8bdf4b521547a4e45d8ccd
-
SHA1
e2f19bb37a8453b8dd9d08d3266e0f4d4494893c
-
SHA256
7d65930404b0b4f15291303d8effcc899bb7fef9341b371d0a89756c8a8d1b82
-
SHA512
36aded5134c71ec0bc0a3af89daf6dc69e380cad79aea912be2a056b6ba376644a604c7c3f5301cdf0d6d55337759559666be14fe2fa9019f328b302f13d1af1
-
SSDEEP
3072:BhwGr86LUEkIT2Ioi1HupRCZ8Ij26QTu7wsRQ/ustd6gHIkRO6j5ukM:ZuZIfbh7hZk0
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-