Overview

overview

10

Static

static

5

f1c1a6302c...18.exe

windows7-x64

10

f1c1a6302c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1c1a6302c68e40f7eb7553b2c33cde7_JaffaCakes118

  • Size

    138KB

  • Sample

    241215-cb6qzssncp

  • MD5

    f1c1a6302c68e40f7eb7553b2c33cde7

  • SHA1

    0d18c10f16b2f0a7cde60dfdf19d3fc9cd87f73c

  • SHA256

    b7d86915144436b593b59b20b80a9190b48170a1c8b0157463d641edc8d96aa8

  • SHA512

    ffee461ef1e44c2ea21b0bc899fd5282c1d512764c4a401127e08e7d15fa8db8439bf76f993e4d06cfe559eb1b455999b783619f2afae7f929af2f3882a4d881

  • SSDEEP

    3072:wrMI/wBLMzKqpQujnSabibHPR09db1fDP/iUzK2yHmcnpzS:wrbIwzKqpQgn5WbvR09db1fDSIyH3np

Score
10/10
latentbotdiscoveryevasiontrojanupx

Malware Config

Extracted

Family

latentbot

C2

1kaizuma911.zapto.org

2kaizuma911.zapto.org

3kaizuma911.zapto.org

4kaizuma911.zapto.org

5kaizuma911.zapto.org

6kaizuma911.zapto.org

7kaizuma911.zapto.org

8kaizuma911.zapto.org

Targets

    • Target

      f1c1a6302c68e40f7eb7553b2c33cde7_JaffaCakes118

    • Size

      138KB

    • MD5

      f1c1a6302c68e40f7eb7553b2c33cde7

    • SHA1

      0d18c10f16b2f0a7cde60dfdf19d3fc9cd87f73c

    • SHA256

      b7d86915144436b593b59b20b80a9190b48170a1c8b0157463d641edc8d96aa8

    • SHA512

      ffee461ef1e44c2ea21b0bc899fd5282c1d512764c4a401127e08e7d15fa8db8439bf76f993e4d06cfe559eb1b455999b783619f2afae7f929af2f3882a4d881

    • SSDEEP

      3072:wrMI/wBLMzKqpQujnSabibHPR09db1fDP/iUzK2yHmcnpzS:wrbIwzKqpQgn5WbvR09db1fDSIyH3np

    Score
    10/10
    latentbotdiscoveryevasiontrojanupx

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Latentbot family

      latentbot

    • Modifies firewall policy service

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks