Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
28/03/2025, 13:04
General
-
Target
JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0.exe
-
Size
104KB
-
MD5
8ab005fa32ecaf0b7050c8123a1d76c0
-
SHA1
b96f593d442699892525b71486f9e3b980409079
-
SHA256
03e9766f9ee13cd36947ed60a91193ad0aa423071e620cdffab9ad4babdc1e44
-
SHA512
33e559a54fa07ab20f64d3de2a829e0ae1881f72355ae3a6bee90b44c3523edf39aac30b3057d95fc768f430532cd6be0e93706ca26f5c53ac1b04b37c241333
-
SSDEEP
1536:ueB11wAeGAB+4T6qZSVhIitZmcB3CQlwDwX3X/Ml4W4jEgLgSIREI:V1w9846qDitZLRCQlwDwXUl4ugdI
Malware Config
Extracted
latentbot
bkr33zysucksdick.zapto.org
Signatures
-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Executes dropped EXE 4 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0.exe"2⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\raidhost.exe"C:\Windows\raidhost.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\raidhost.exe"C:\Windows\raidhost.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c raidhost.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\raidhost.exeraidhost.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\raidhost.exe"C:\Windows\raidhost.exe"3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
104KB
MD58ab005fa32ecaf0b7050c8123a1d76c0
SHA1b96f593d442699892525b71486f9e3b980409079
SHA25603e9766f9ee13cd36947ed60a91193ad0aa423071e620cdffab9ad4babdc1e44
SHA51233e559a54fa07ab20f64d3de2a829e0ae1881f72355ae3a6bee90b44c3523edf39aac30b3057d95fc768f430532cd6be0e93706ca26f5c53ac1b04b37c241333
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
104KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
104KB
-
Filesize
348KB
-
Filesize
104KB
-
Filesize
104KB