General

  • Target

    JaffaCakes118_d11711a0fde8d82233708e38661e61f0

  • Size

    732KB

  • Sample

    250423-e7t36szrz8

  • MD5

    d11711a0fde8d82233708e38661e61f0

  • SHA1

    a9dd2025da63c355eb554c8af88828c50abf4e55

  • SHA256

    1b24bd14bf96ddfb5bbff65868810ff4ffec3955767c7f2a75fbeff5facadf5a

  • SHA512

    f92013b9fd75efc1b08683819c74795184543675e5477a455af97ed4e096d2aa85f07ce9f9321e0cb988939fc0a4f95746091c6d8f1e604dc68b24965312726c

  • SSDEEP

    12288:15+KVZXtLilnCtzJtY+0n9I6U1uAEIWRE6GFk5ajZ0hLoc9UC9Eq4YNI:lzslnqzJu+okEAEv2VkXNpPEq4Yq

Malware Config

Extracted

Family

latentbot

C2

superblyseax.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16
