General

  • Target

    f0c44a8fca902ac825b5b5bce1cb0ff3_JaffaCakes118

  • Size

    195KB

  • Sample

    241214-z8by7swpcl

  • MD5

    f0c44a8fca902ac825b5b5bce1cb0ff3

  • SHA1

    92647d01cb4f8edc16dedffe25947d5161bc4877

  • SHA256

    653285cb289c7837cd3e8ae15959640b29d4df5f0feb0058a4631385e3246ad6

  • SHA512

    716557a571fcde2f9ddb7829d1a35abff934f40a33e2a0ce2902f1716b5bbbdc25fdf610952010a6b8c01462a909687075b595067e86a7aa57793327b1babeee

  • SSDEEP

    6144:0BrJA3vpRNAFQiMc+xCvR/1zxgQ0Sio4fe:0BVALNAFQiMcB8X1W

Malware Config

Extracted

Family

latentbot

C2

dreamsserver.zapto.org

Targets

    • Target

      gladiator.exe

    • Size

      247KB

    • MD5

      a3d1897a5a519267b7f123eef9de0947

    • SHA1

      797c9c1c18465749f1436119edbd5997efe5e301

    • SHA256

      7953e42f63dc02aa5e9af2565ad8b42db651c10e9b565c000f1f6df5ce18bc3d

    • SHA512

      b890128b11a3ba459af3b3eaa6dee57d590b8ce4cdf188383d04b3c25d097f7e43d248d38f9b9e1a7d7bc181741e9da2ca64a90ea47283a47fac11ad10d183c9

    • SSDEEP

      6144:Bz+92mhAMJ/cPl3i8/5ctbOkN4s2Ks1JShvZsB6GgZpQo5HP8sb:BK2mhAMJ/cPlJWtqkv2kBZvGmpZvtb

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Ramnit

      Ramnit is a versatile family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks