General

  • Target

    e432cebb34cc6c04759a8c48d848a3e3_JaffaCakes118

  • Size

    368KB

  • Sample

    241212-cfnqzawpax

  • MD5

    e432cebb34cc6c04759a8c48d848a3e3

  • SHA1

    c30a8a53ae2a3ff7ed3139ad0ad8c98cb678d4ce

  • SHA256

    38e9db65cc45506161d779d032df7f2e8e0d288af6c430ed2a35db104d1dcc6c

  • SHA512

    17757062d4df8e3c068ca9b62c90783f33b866e3a70346cc0d70bfb178e4172adae5aeb34e5c3ac9b70dfa540a3eace072d3f509efd53b99bf3714bfc82450d4

  • SSDEEP

    6144:8cCz6qyCkpVXdvJP2GymFCU+4VTdEKtgtTjr2y:8cCz6qpkpVlJOjUCUBVTOj

Malware Config

Extracted

Family

latentbot

C2

xporphyriax.zapto.org

Targets

    • Target

      e432cebb34cc6c04759a8c48d848a3e3_JaffaCakes118

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
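
The behaviour signatures above (sample executed, dropped EXE run, dropped DLL loaded, Run key added, C2 resolved) translate directly into endpoint hunting logic. The following is an added example, not part of the sandbox report or the LatentBot analysis: it takes the hashes and C2 domain from this page and runs them, together with behavioural checks, over constructed Sysmon-style events. The event field names mirror Sysmon event IDs 1, 7, 13 and 22, the drop-directory list is an assumption, and the events themselves are fabricated for illustration.

```python
"""Hunt the indicators from this report across Sysmon-style events.

Added example, not part of the original sandbox report. The hashes and C2
domain come from the report; the events below are constructed for
illustration and loosely follow Sysmon event IDs 1 (process create),
7 (image load), 13 (registry value set) and 22 (DNS query).
"""
import hashlib
import re
from collections import defaultdict

# Indicators taken from the report.
IOC_SHA256 = "38e9db65cc45506161d779d032df7f2e8e0d288af6c430ed2a35db104d1dcc6c"
IOC_MD5 = "e432cebb34cc6c04759a8c48d848a3e3"
IOC_C2 = "xporphyriax.zapto.org"

# Run / RunOnce keys under HKCU, HKLM and the Wow6432Node view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# User-writable locations a dropper usually writes its payload to (assumed list).
DROP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|ProgramData)\\", re.IGNORECASE
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a file's bytes, the same fields the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(hashes: dict) -> bool:
    """True if an event's hash block names the sample on this report."""
    return (hashes.get("SHA256", "").lower() == IOC_SHA256
            or hashes.get("MD5", "").lower() == IOC_MD5)


def hunt(events):
    """Map each host to the (finding, detail) pairs its events triggered."""
    findings = defaultdict(list)
    sample_images = set()  # full paths seen running with the reported hash
    for ev in events:
        host, eid = ev.get("Computer", "?"), ev.get("EventID")
        if eid == 1:  # process create
            image = ev.get("Image", "")
            if matches_sample(ev.get("Hashes", {})):
                sample_images.add(image.lower())
                findings[host].append(("known_sample_executed", image))
            elif (ev.get("ParentImage", "").lower() in sample_images
                  and DROP_DIR_RE.search(image)):
                findings[host].append(("dropped_exe_executed", image))
        elif eid == 7:  # image load: unsigned DLL from a drop directory
            loaded = ev.get("ImageLoaded", "")
            if DROP_DIR_RE.search(loaded) and ev.get("Signed", "false").lower() == "false":
                findings[host].append(("dropped_dll_loaded", loaded))
        elif eid == 13:  # registry value set under a Run key
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                findings[host].append(("run_key_persistence", ev.get("Details", "")))
        elif eid == 22:  # DNS query for the C2 host or a subdomain of it
            qname = ev.get("QueryName", "").lower().rstrip(".")
            if qname == IOC_C2 or qname.endswith("." + IOC_C2):
                findings[host].append(("c2_dns_query", qname))
    return dict(findings)


# Constructed events (not real telemetry). WS01 replays the report's behaviour;
# WS02 is a clean host included as a control.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "EventID": 1, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": {"SHA256": IOC_SHA256}},
    {"Computer": "WS01", "EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\winupd.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe", "Hashes": {"SHA256": "0" * 64}},
    {"Computer": "WS01", "EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\winupd.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\helper.dll", "Signed": "false"},
    {"Computer": "WS01", "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\winupd",
     "Details": r"C:\Users\alice\AppData\Local\Temp\winupd.exe"},
    {"Computer": "WS01", "EventID": 22, "QueryName": "xporphyriax.zapto.org"},
    {"Computer": "WS02", "EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": {"SHA256": "1" * 64}},
    {"Computer": "WS02", "EventID": 22, "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for host, hits in hunt(SAMPLE_EVENTS).items():
        for kind, detail in hits:
            print(f"{host}: {kind}: {detail}")
```

Two caveats when using this against real telemetry. The hash checks only catch this exact build; a repacked sample changes every hash, so the behavioural checks (dropped executable run by the original, unsigned DLL from a user-writable path, Run key value, DNS for the dynamic-DNS C2) are what carry the detection. The "Suspicious use of SetThreadContext" signature is an API-level observation from the sandbox and does not appear in Sysmon at all; on an endpoint it shows up indirectly, typically as a process whose on-disk image does not match its in-memory code, which requires a memory scanner rather than event-log matching.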

MITRE ATT&CK Enterprise v15