General

  • Target

    ef6938bc94e6ed0ce0801307e945aa63_JaffaCakes118

  • Size

    147KB

  • Sample

    241214-sqz5rawlh1

  • MD5

    ef6938bc94e6ed0ce0801307e945aa63

  • SHA1

    d069d94541f7d7e1ec95facbc3e444f9a20c843f

  • SHA256

    b50d88162eaf070e17512d7fe2031f80d1d6d4c2ea24ca444b311615a2498c12

  • SHA512

    4ce15e3c10d597b48af1d96c39e29e63949fcc7af8f2fb656479340b3f8cf3f2a011db82c384c76616db97a018f5cb5baed44f6c5c2fe3f58b1bf44cb9d2bb40

  • SSDEEP

    1536:5hl4AyLOUeW+e/Sdxyp8A9OXbjjNEO7M2RD9ziVa3ehzqLTROi1yUK2t4/9PPJO4:fiAyLOXhxd89OXblEmD9sQT48KT1PBrH

Malware Config

Extracted

Family

latentbot

C2

serverforme.zapto.org

Targets

    • Target

      ef6938bc94e6ed0ce0801307e945aa63_JaffaCakes118

    • Size

      147KB

    • MD5

      ef6938bc94e6ed0ce0801307e945aa63

    • SHA1

      d069d94541f7d7e1ec95facbc3e444f9a20c843f

    • SHA256

      b50d88162eaf070e17512d7fe2031f80d1d6d4c2ea24ca444b311615a2498c12

    • SHA512

      4ce15e3c10d597b48af1d96c39e29e63949fcc7af8f2fb656479340b3f8cf3f2a011db82c384c76616db97a018f5cb5baed44f6c5c2fe3f58b1bf44cb9d2bb40

    • SSDEEP

      1536:5hl4AyLOUeW+e/Sdxyp8A9OXbjjNEO7M2RD9ziVa3ehzqLTROi1yUK2t4/9PPJO4:fiAyLOXhxd89OXblEmD9sQT48KT1PBrH

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks