Extracted

• • Target

    JaffaCakes118_215d16efbce14a9385f47b9dbe9ca73e

  • Size

    1.6MB

  • MD5

    215d16efbce14a9385f47b9dbe9ca73e

  • SHA1

    038a11a7e784aca5bfa0217cf7dae1ba41ff9120

  • SHA256

    f37680001592883b59ed4efab00a3322ce536a210d93ffdb62582ca6075530ee

  • SHA512

    3e66476219b689cce56b593aabe989c35ba22be314660965bbced6eafed162f07d3b75e93474a9b5db0055cfa06e6e30c3bbc031ba09cf46c439435c07d10547

  • SSDEEP

    24576:GwsXFkwRvJwSEznAm3Fiua8LMgRd0Btyj9R0Cg1hc1vhszDGuDrXZONjZWmQmy5g:Gw6+LSEM6AuazyUw0Cg1hc1ZsWy9ruK

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2