General
-
Target
JaffaCakes118_1ecb082a9f37bbb974cdfc441fa9afb0
-
Size
256KB
-
Sample
250113-c7ay7asjes
-
MD5
1ecb082a9f37bbb974cdfc441fa9afb0
-
SHA1
a7af0f08b582b30e15dc6e32dbddcfa985bced49
-
SHA256
69d9fa8eeba2fb2671fa7ddee82644367266d506ed6a8dab7e6f6793cfe9a020
-
SHA512
0b85febf564a0fa6464e33daf0cfa515d65f95b1953930dc9b88975dea8cb3aa1e63c8c6ce5c94ab793d7d08a12e81ea315824ac362e4d4a599b01edf722618a
-
SSDEEP
6144:7tWv7pXEi01JlfvqBqB0nBgaPU8peWlP0qhKEdMYnAq:5wlXEi01JlWnBga8CeAsqhK4MYnJ
Malware Config
Extracted
latentbot
dtstudiosadmin.zapto.org
Targets
-
-
Target
JaffaCakes118_1ecb082a9f37bbb974cdfc441fa9afb0
-
Size
256KB
-
MD5
1ecb082a9f37bbb974cdfc441fa9afb0
-
SHA1
a7af0f08b582b30e15dc6e32dbddcfa985bced49
-
SHA256
69d9fa8eeba2fb2671fa7ddee82644367266d506ed6a8dab7e6f6793cfe9a020
-
SHA512
0b85febf564a0fa6464e33daf0cfa515d65f95b1953930dc9b88975dea8cb3aa1e63c8c6ce5c94ab793d7d08a12e81ea315824ac362e4d4a599b01edf722618a
-
SSDEEP
6144:7tWv7pXEi01JlfvqBqB0nBgaPU8peWlP0qhKEdMYnAq:5wlXEi01JlWnBga8CeAsqhK4MYnJ
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1