General

  • Target

    de546254bbc1d0b8c3924b3b84b2fac4_JaffaCakes118

  • Size

    144KB

  • Sample

    241210-yakysawja1

  • MD5

    de546254bbc1d0b8c3924b3b84b2fac4

  • SHA1

    9ca256822fec40dcc976008de65a6203f65181ec

  • SHA256

    77cd5cbb1dd0a2e597cb18c930a0cd843130173ef133035e6b811aa0c4ac84f0

  • SHA512

    ec8cbd541c544fe8184db642f73955280142177f08925fa8d1d455e800f86010f6c40e1ac38721ab7e5d32ff945d8bf8f24173338f83354376593abed2ff17fa

  • SSDEEP

    3072:DVBxRfuUxZ4mkYpo7jfF7DSmTWhlOwake:DVBxpu6dkDffV+UWhlpake

Malware Config

Extracted

Family

latentbot

C2

misteritalie.zapto.org

Targets

    • Target

      de546254bbc1d0b8c3924b3b84b2fac4_JaffaCakes118

    • Size

      144KB

    • MD5

      de546254bbc1d0b8c3924b3b84b2fac4

    • SHA1

      9ca256822fec40dcc976008de65a6203f65181ec

    • SHA256

      77cd5cbb1dd0a2e597cb18c930a0cd843130173ef133035e6b811aa0c4ac84f0

    • SHA512

      ec8cbd541c544fe8184db642f73955280142177f08925fa8d1d455e800f86010f6c40e1ac38721ab7e5d32ff945d8bf8f24173338f83354376593abed2ff17fa

    • SSDEEP

      3072:DVBxRfuUxZ4mkYpo7jfF7DSmTWhlOwake:DVBxpu6dkDffV+UWhlpake

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
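
The Python below is an added example by the editor, not code from the report or from the sandbox's signature engine. It turns the signatures and indicators listed above (the C2 host, the sample SHA-256, the Run key persistence, the firewall change and the registry location check) into detection logic and runs it over a constructed, sandbox-API-style event log. Everything not on the page is an assumption: the event schema, the dropped-file names in the log, the registry path used for the location check (`HKCU\Control Panel\International\Geo\Nation`, which holds the GeoID), the `netsh firewall` command shape for the firewall rule, and the ATT&CK technique IDs (the report names ATT&CK Enterprise v15 but lists no techniques). Note that Sysmon records registry value writes (Event ID 13) but not reads, so the location-check signature needs API-level tracing; also note that zapto.org is a No-IP dynamic DNS zone, so the IP behind `misteritalie.zapto.org` can change and the hostname is the stable indicator.

```python
"""Apply this report's LatentBot signatures and IOCs to a sandbox-style event log."""
import json
import re

# Indicators copied from the report above.
C2_DOMAINS = {"misteritalie.zapto.org"}
SAMPLE_SHA256 = "77cd5cbb1dd0a2e597cb18c930a0cd843130173ef133035e6b811aa0c4ac84f0"

# Editor's mapping of the report's signature names to ATT&CK Enterprise technique IDs
# (assumption: the report itself lists no technique IDs).
TECHNIQUES = {
    "Adds Run key to start application": "T1547.001",
    "Modifies Windows Firewall": "T1562.004",
    "Checks computer location settings": "T1614",
    "C2 domain contact": "T1568",  # zapto.org is a No-IP dynamic DNS zone
}

# Run / RunOnce value written under CurrentVersion (persistence).
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)
# Assumption: the location check reads the GeoID stored at Control Panel\International\Geo\Nation.
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
# Assumption: the firewall change is performed via netsh firewall / advfirewall.
FIREWALL_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b.*\b(?:add|set|delete)\b", re.I)

# Constructed event log (JSON lines, one event per line). The pids, the dropped
# file name "WinUpdate\svchost.exe" and the benign events are made up for the demo.
SAMPLE_LOG = r"""
{"type": "ProcessCreate", "pid": 1844, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\de546254bbc1d0b8c3924b3b84b2fac4_JaffaCakes118.exe", "cmdline": "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\de546254bbc1d0b8c3924b3b84b2fac4_JaffaCakes118.exe\"", "sha256": "77cd5cbb1dd0a2e597cb18c930a0cd843130173ef133035e6b811aa0c4ac84f0"}
{"type": "RegistryRead", "pid": 1844, "target": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"type": "RegistrySet", "pid": 1844, "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate", "details": "C:\\Users\\Admin\\AppData\\Roaming\\WinUpdate\\svchost.exe"}
{"type": "RegistrySet", "pid": 1844, "target": "HKCU\\Software\\Example\\Settings\\Lang", "details": "en-US"}
{"type": "ProcessCreate", "pid": 2210, "image": "C:\\Windows\\System32\\netsh.exe", "cmdline": "netsh firewall add allowedprogram \"C:\\Users\\Admin\\AppData\\Roaming\\WinUpdate\\svchost.exe\" \"Windows Update\" ENABLE", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
{"type": "DnsQuery", "pid": 1844, "query": "misteritalie.zapto.org"}
{"type": "DnsQuery", "pid": 1844, "query": "www.microsoft.com"}
"""


def parse_jsonl(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def scan_events(events):
    """Return (signature, pid, evidence) tuples for every event that fires a signature."""
    findings = []
    for ev in events:
        kind = ev.get("type")
        target = ev.get("target", "")
        cmdline = ev.get("cmdline", "")
        if kind == "RegistrySet" and RUN_KEY_RE.search(target):
            findings.append(("Adds Run key to start application", ev.get("pid"),
                             f"{target} = {ev.get('details', '')}"))
        elif kind == "RegistryRead" and GEO_KEY_RE.search(target):
            findings.append(("Checks computer location settings", ev.get("pid"), target))
        elif kind == "ProcessCreate" and FIREWALL_RE.search(cmdline):
            findings.append(("Modifies Windows Firewall", ev.get("pid"), cmdline))
        elif kind == "ProcessCreate" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.append(("Known sample executed", ev.get("pid"), ev.get("image", "")))
        elif kind == "DnsQuery" and ev.get("query", "").lower().rstrip(".") in C2_DOMAINS:
            # Normalise case and a trailing dot so an FQDN-form query still matches.
            findings.append(("C2 domain contact", ev.get("pid"), ev["query"]))
    return findings


def summarize(findings):
    """Map each signature that fired to its technique ID ('IOC match' for pure hash hits)."""
    return {name: TECHNIQUES.get(name, "IOC match") for name, _, _ in findings}


if __name__ == "__main__":
    hits = scan_events(parse_jsonl(SAMPLE_LOG))
    for name, pid, evidence in hits:
        print(f"[{summarize(hits)[name]}] pid={pid} {name}: {evidence}")
```

Five of the seven constructed events fire a signature; the benign registry write and the DNS query for www.microsoft.com do not. In a real hunt, feed the same functions your EDR or sandbox export and treat the C2 hostname match plus the Run key write as the high-confidence pair.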

MITRE ATT&CK Enterprise v15

Tasks