General
Target: JaffaCakes118_8da56361ad56d9f6f3148115e2854192
Size: 293KB
Sample: 250329-v3s83sxscx
MD5: 8da56361ad56d9f6f3148115e2854192
SHA1: d9464ba47987a428e1e7311d395e425314a93981
SHA256: 83ecefecd3e63fc04ea3f24b67b90fcbe4d7f90c452c90c3e71d8ea4d3124250
SHA512: 5e3def8ed35bdef226937c9c45eae2633a1ac6c7e50f43696b699d3034c5e38b64694bd5eeb87975803457dae298333e00af948a8ff0e6bc14031a2ad6c454de
SSDEEP: 6144:INLJza9/yLrCtGUdIjCb68rmhczRJj+R8IPBb0BOBdxbsHtJc:INLJzqK+1qCm8aCCRppwBYnsA

Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_8da56361ad56d9f6f3148115e2854192.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_8da56361ad56d9f6f3148115e2854192.exe
  Resource: win10v2004-20250314-en

Malware Config
Extracted family: latentbot
Extracted domain: sdfsadfasdf.zapto.org
Targets
Target: JaffaCakes118_8da56361ad56d9f6f3148115e2854192 (same file as in General above)
Signatures
- Latentbot family
- UAC bypass
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (6)