General

  • Target

    e057d2fbc9ccc314cfa354a26f601e64_JaffaCakes118

  • Size

    49KB

  • Sample

    241211-hq9dbasjbv

  • MD5

    e057d2fbc9ccc314cfa354a26f601e64

  • SHA1

    a881b4afef5b31d905fc2da260cd6ee3a86003eb

  • SHA256

    0baf8d88799e564b6fea8614c5246e720a49c13df94c0685ca81d21b12d2dcdc

  • SHA512

    7121f8ff024e3eada5361c81b40560217fd5621f18be20ce809c724aaeac82ca5822b3439278fe3741f3d38ffeedf6c26ca8d09d2dce13a24fcde0e7affea88f

  • SSDEEP

    768:PCcXEmM6n+uF1lTrbUoRdUxflh4MFyJYVtsTC8gPNjRQ4lyqRcxj:64EmLTNrYYdUh42bsTC8gDjVWZ

Malware Config

Extracted

Family

latentbot

C2

younisdeaaa.zapto.org

Targets

    • Target

      e057d2fbc9ccc314cfa354a26f601e64_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
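The extracted config (C2 domain) and the behavioural signatures above are the parts of this report a responder actually reuses. The script below is an added example, not part of the sandbox report and not LatentBot's own code: it turns those indicators into a small hunting check that (1) hashes a file and compares it with the SHA256 from the report, and (2) runs the report's C2 domain and two of its signatures (Run key persistence, Windows Firewall modification) over Sysmon-style log lines. The log lines are constructed for the example; the Sysmon event IDs (1 process create, 13 registry value set, 22 DNS query) are real, but the use of netsh for the firewall change is an assumption, since the report does not say how the firewall was modified.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "e057d2fbc9ccc314cfa354a26f601e64",
    "sha256": "0baf8d88799e564b6fea8614c5246e720a49c13df94c0685ca81d21b12d2dcdc",
    "c2_domains": {"younisdeaaa.zapto.org"},
}

# Constructed Sysmon-style log lines for the example; not from the sandbox run.
# The dropped-file name and paths are invented; only the C2 domain comes from the report.
SAMPLE_LOG = [
    r"EventID=22 Image=C:\Users\victim\AppData\Roaming\svchost.exe QueryName=younisdeaaa.zapto.org",
    r"EventID=13 Image=C:\Users\victim\AppData\Roaming\svchost.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Update Details=C:\Users\victim\AppData\Roaming\svchost.exe",
    r"EventID=1 Image=C:\Windows\System32\netsh.exe CommandLine=netsh advfirewall firewall add rule name=svchost dir=in action=allow program=C:\Users\victim\AppData\Roaming\svchost.exe",
    r"EventID=22 Image=C:\Program Files\Mozilla Firefox\firefox.exe QueryName=example.com",
]


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists (ssdeep omitted: it needs a third-party module)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, iocs: dict) -> bool:
    """True if the file is byte-for-byte the sample from the report (SHA256 comparison)."""
    return file_hashes(data)["sha256"] == iocs["sha256"]


def scan(lines, iocs: dict):
    """Map log lines to the report's signatures. Returns a list of (signature, line) hits."""
    hits = []
    for line in lines:
        # Sysmon 22: DNS query. Hit only if the queried name is a known C2 domain.
        m = re.search(r"EventID=22\b.*\bQueryName=(\S+)", line)
        if m and m.group(1).lower().rstrip(".") in iocs["c2_domains"]:
            hits.append(("C2 DNS lookup", line))
            continue
        # Sysmon 13: registry value set under a CurrentVersion\Run key (persistence).
        if re.search(r"EventID=13\b.*\\CurrentVersion\\Run\\", line):
            hits.append(("Adds Run key to start application", line))
            continue
        # Sysmon 1: process creation running netsh firewall commands (assumed mechanism).
        if re.search(r"EventID=1\b.*netsh(\.exe)?\s+(advfirewall|firewall)\b", line, re.IGNORECASE):
            hits.append(("Modifies Windows Firewall", line))
    return hits


if __name__ == "__main__":
    for signature, line in scan(SAMPLE_LOG, REPORT_IOCS):
        print(f"[{signature}] {line}")
    # Hashing a stand-in payload; it will not match the report's sample.
    print("matches report sample:", matches_report(b"not the real sample", REPORT_IOCS))
```

Point the hashing step at a real file (read it in binary mode) to confirm a suspicious file is the exact sample from the report; near variants will only show up through ssdeep or the behavioural rules, which is why the log scan keys on behaviour rather than on the file hash.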

MITRE ATT&CK Enterprise v15
