General

  • Target

    fda26ab58b66096bdd8f8e1cb79569c7_JaffaCakes118

  • Size

    1.9MB

  • Sample

    241219-aa8svaymfn

  • MD5

    fda26ab58b66096bdd8f8e1cb79569c7

  • SHA1

    d581aa899a4379b39eabd7101c1c5dbfc2c20e75

  • SHA256

    c9f50f5cecae36801a6af58c4a963677ac841bd906c9610c81a9459aa4fea12a

  • SHA512

    47e0928bc7cbbf6b06e8b6a7e6167005cda7303d04e600f015fe8c4282202b123726c1fbc4b856a55eceed6d12b02a72b12f31bce3f0956e40bcdf2e97a4d90d

  • SSDEEP

    49152:Nn9GKSIFhfZRN9pEtAfzrPi37NzHDA6Y0dsfofPB:XnPN9eczrPi37NzHDA6Y0dsfox

Malware Config

Extracted

Family

latentbot

C2

yeniceriler.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
