General

  • Target

    f46e9dbb6d51b957ee56baec7906fde1_JaffaCakes118

  • Size

    348KB

  • Sample

    241215-rw4vfsxkcw

  • MD5

    f46e9dbb6d51b957ee56baec7906fde1

  • SHA1

    8232c8da2b6acdbdf36fba72be6574b99299a6f9

  • SHA256

    584d4542c87acd1a03fe2ba5ced9832bb2778fdef867ad625dd65d384299efa1

  • SHA512

    8aef7eb4316051ee4c4d430d046eae5d3ed8db4a50e75887ffb90a2e349d590a05ad1738c67c6c627326f65461d0af3f735c1f4072648c8c6a6d4fed0bf82bdb

  • SSDEEP

    6144:GYWaeHn1CmDlMgZbe/WH4qUMTLyco/jhfI0vgix0Yl9Ki+ioGH:xW1H1CmDl7Je/A4qUM/ycyfDJCYvjloI

Malware Config

  • Extracted

    • Family

      latentbot

    • C2

      essstzttztz.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
