Extracted

• • Target

    b2436aff8a1ff36197471da9f41d7449_JaffaCakes118

  • Size

    736KB

  • MD5

    b2436aff8a1ff36197471da9f41d7449

  • SHA1

    ded3e41038b5b704e010dcd1fcfadb856459c9d4

  • SHA256

    2fee86d849e6278d839051f494180858042d5b9f642e15468964f29d1fdb96e7

  • SHA512

    d3052e739857939e9a88165859d51f8716a3a4a0018a01370f1d6d1d0a31712077f007889a9e823753d9601ecddaa5ae6fcb8d9d8bc9079d2f409ad887cc3128

  • SSDEEP

    12288:Yxo7YNQg2YcKify3iTntxrr0cuUPnIpVwDIX9cgtWb2Y+/mooOCUYuQ:YKwQrsiK3Sr0ckHCb2CgC1

  Score

  10^/10

  latentbotmodiloaderdiscoveryevasionpersistencetrojanupx

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • Modiloader family

    modiloader

  • UAC bypass

    evasiontrojan

  • ModiLoader Second Stage

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2