General
-
Target
JaffaCakes118_985c809abe68d8b871df7659c174a87e
-
Size
627KB
-
Sample
250330-jwmxyatvfv
-
MD5
985c809abe68d8b871df7659c174a87e
-
SHA1
29eeec03e854812c6fe88a0c3eb897de5b35ccdb
-
SHA256
2b038de8c8ead2495ab7f4cbd8d8b6cace6fc7e40203217da07b56af2be53fb9
-
SHA512
46a66d6a19d3d14e4d0109c3dc77b019e5bcd864786b10adb0a30455955e1e0c1f48785ac48f8488241ab0d562f15d8c6f763e6e52fc5540e55eccfdf8416405
-
SSDEEP
12288:RxZoIwuNIYk/5369ueHlUiNgV23ovOciFiciFcR4x0Cgx0:RRCYk/5AusCxFUniCA0Cg
Malware Config
Extracted
latentbot
alexalextwo.zapto.org
Targets
-
-
Target
JaffaCakes118_985c809abe68d8b871df7659c174a87e
-
Size
627KB
-
MD5
985c809abe68d8b871df7659c174a87e
-
SHA1
29eeec03e854812c6fe88a0c3eb897de5b35ccdb
-
SHA256
2b038de8c8ead2495ab7f4cbd8d8b6cace6fc7e40203217da07b56af2be53fb9
-
SHA512
46a66d6a19d3d14e4d0109c3dc77b019e5bcd864786b10adb0a30455955e1e0c1f48785ac48f8488241ab0d562f15d8c6f763e6e52fc5540e55eccfdf8416405
-
SSDEEP
12288:RxZoIwuNIYk/5369ueHlUiNgV23ovOciFiciFcR4x0Cgx0:RRCYk/5AusCxFUniCA0Cg
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2