Extracted

• • Target

    JaffaCakes118_3a1bc1a8c533d1ce594111ef496bf98a

  • Size

    1.1MB

  • MD5

    3a1bc1a8c533d1ce594111ef496bf98a

  • SHA1

    711ba62c2b32be53ea5a2130b8c2a29122038c2a

  • SHA256

    0d3862f72976f17cc81c815d5fd5fe9aed43be573571fd726a89bd98a181f2b3

  • SHA512

    329f1dcac81bf8e09602b224a438230662f24d9b81ec8d09baa09440bdd693202616cf350a60c3213c9bd9908410ea368d2592bd6ae3f947c8778ff884a19d2a

  • SSDEEP

    24576:PjecY/51UYNHZcwnN2x1ifNhgkj718Ta0oaVQxwOp:Pj/bwN2ifNh/18Ta0ocQ

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2