General
-
Target
f46e9dbb6d51b957ee56baec7906fde1_JaffaCakes118
-
Size
348KB
-
Sample
241215-rw4vfsxkcw
-
MD5
f46e9dbb6d51b957ee56baec7906fde1
-
SHA1
8232c8da2b6acdbdf36fba72be6574b99299a6f9
-
SHA256
584d4542c87acd1a03fe2ba5ced9832bb2778fdef867ad625dd65d384299efa1
-
SHA512
8aef7eb4316051ee4c4d430d046eae5d3ed8db4a50e75887ffb90a2e349d590a05ad1738c67c6c627326f65461d0af3f735c1f4072648c8c6a6d4fed0bf82bdb
-
SSDEEP
6144:GYWaeHn1CmDlMgZbe/WH4qUMTLyco/jhfI0vgix0Yl9Ki+ioGH:xW1H1CmDl7Je/A4qUM/ycyfDJCYvjloI
Static task
static1
Behavioral task
behavioral1
Sample
f46e9dbb6d51b957ee56baec7906fde1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f46e9dbb6d51b957ee56baec7906fde1_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
latentbot
essstzttztz.zapto.org
Targets
-
-
Target
f46e9dbb6d51b957ee56baec7906fde1_JaffaCakes118
-
Size
348KB
-
MD5
f46e9dbb6d51b957ee56baec7906fde1
-
SHA1
8232c8da2b6acdbdf36fba72be6574b99299a6f9
-
SHA256
584d4542c87acd1a03fe2ba5ced9832bb2778fdef867ad625dd65d384299efa1
-
SHA512
8aef7eb4316051ee4c4d430d046eae5d3ed8db4a50e75887ffb90a2e349d590a05ad1738c67c6c627326f65461d0af3f735c1f4072648c8c6a6d4fed0bf82bdb
-
SSDEEP
6144:GYWaeHn1CmDlMgZbe/WH4qUMTLyco/jhfI0vgix0Yl9Ki+ioGH:xW1H1CmDl7Je/A4qUM/ycyfDJCYvjloI
Score10/10-
Latentbot family
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1