General

  • Target

    aad470b42b2e47119971a2b4d80ab5ee_JaffaCakes118

  • Size

    1.8MB

  • Sample

    241128-d56hrazmdk

  • MD5

    aad470b42b2e47119971a2b4d80ab5ee

  • SHA1

    6f0622b18eb258b0ddd4ed3aca783b2e2dbfacbb

  • SHA256

    7d185fe0dc2abd855c8429d894cb08da8329e07371ab4088614735fe5feb9b5d

  • SHA512

    976b58ce2911368142968209cea77778fe55114ba7aee50d6066c60f8fb859f010e79b1cc674151bb95ec0902b76f39667258bb9badaa589c7b6ab5349bcb7ad

  • SSDEEP

    49152:j91BxT4ia49bD6YjrgI7QQ4SoCErBQgyUI0wK:x/xT4iagbDz/QnBQ7UTT

Malware Config

Extracted

Family

latentbot

C2

yeniceriler.zapto.org

Targets

    • Target

      PatronusKoxp Beta v2.1/Patronus Koxp Beta v2.1.exe

    • Size

      1.9MB

    • MD5

      cae504db8e67eb5c36210d2d5abcf3fd

    • SHA1

      ff8c508712a1577a29f329a1d70878140651cd50

    • SHA256

      148424a49616617d73d96f0e8b3d28138349ea8fd3eb9312a8d62abf496aa1b9

    • SHA512

      229cb5eff1cea50104e0301e5b5217a261e69e9985829e3ee3aae821dc408f1cbe8f8cf09566d541924afab8348bac9260b4f358455e3c5768455bcf98c8dd0e

    • SSDEEP

      24576:aaeH5Z7Y4LvYQNqTwlAET6fw+DLN5jDftcXRg6puB364ROPwCGnR+ai3cMipYrG:aP0mqTRHrrPGXKuC64QoDurG

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      PatronusKoxp Beta v2.1/TABCTL32.OCX

    • Size

      218KB

    • MD5

      dc925b6d77ba9ecb532e2f6750be943b

    • SHA1

      f71215e701401f0dd6fe143e3a630b2e168a4fac

    • SHA256

      d10a197fd53e65dc910ca4aed86cb674c613ff14ce6436d1a445bb27a7a499e0

    • SHA512

      ee9c40e695a29de7e7b8a9fe1ca01ebba9a8bdc199d46d98c71a4e3ecfec566f2fc31300a5e9867e8c791b15ac3ebec076f0710e0f6eec6c3fdea3bde37ab171

    • SSDEEP

      3072:UYMPPBTUImgJO39KAVpfm+IoXgRpiAcahtplVEkpg3//WttZDbtUSREm/UmL/8N:FC9UvEONTmFkgRpiANhtpliGtXDtR4N

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks