General

  • Target

    JaffaCakes118_d46e7a694a2843ee11ee8ba6f1a789e0

  • Size

    363KB

  • Sample

    250424-bf6q4svvav

  • MD5

    d46e7a694a2843ee11ee8ba6f1a789e0

  • SHA1

    80a4d7238de0d117748d358232a2b0fea1677b5a

  • SHA256

    e0397fec8d3f873794944a008c3c5a96ea7aee1fefba870a7ebc16a436913fc0

  • SHA512

    d5628bf3745ffb7f2af76f40e07e406282b98a442decbdea0b1ca567aee620bc850805106a20023461ec8fc859e30f729531fffb104db8d48164b9a10a34cfbf

  • SSDEEP

    6144:oGyjnBSkuV1d4eZd88ORJIfrwTBtKSefo53Edpc7:zYnBSkuVUeZdYGwTKfnW

Malware Config (extracted)

  • Family

    latentbot

  • C2

    raremaster77.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that abuses cloud services to download other malware families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
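An added hunting example, not part of the sandbox report: Python that checks constructed DNS log lines against the extracted C2 host and maps constructed Procmon-style registry operations to the "Adds Run key", "Checks whether UAC is enabled" and "Checks computer location settings" signatures above. The log line layouts are assumed for the demonstration; the registry paths are the standard Windows locations for those settings (EnableLUA under Policies\System, Geo\Nation under Control Panel\International), and the exact checks the sandbox signatures implement are not shown on this page.

```python
"""Hunt for the LatentBot indicators from the report in constructed log lines.

Added example, not part of the sandbox report. The DNS and Procmon-style
registry lines at the bottom are constructed for the demonstration.
"""
import hashlib
import re

# Indicators copied from the report.
C2_DOMAIN = "raremaster77.zapto.org"
SAMPLE_SHA256 = "e0397fec8d3f873794944a008c3c5a96ea7aee1fefba870a7ebc16a436913fc0"

# Standard Windows registry locations behind the three behaviour signatures.
# These are assumed to be what the signatures look at; the report does not say.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UAC_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def sha256_matches(data: bytes) -> bool:
    """True when the bytes hash to the sample's SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def is_c2_host(qname: str) -> bool:
    """Exact match on the C2 host or any label beneath it.

    Trailing dot and case are ignored; 'notraremaster77.zapto.org' must not match,
    so the suffix check requires a leading dot.
    """
    q = qname.rstrip(".").lower()
    return q == C2_DOMAIN or q.endswith("." + C2_DOMAIN)


def scan_dns(lines):
    """Return normalised query names that hit the C2 indicator.

    Assumes a constructed 'client=<ip> query=<name>' line layout.
    """
    hits = []
    for line in lines:
        m = re.search(r"query=(\S+)", line)
        if not m:
            continue
        name = m.group(1).rstrip(".").lower()
        if is_c2_host(name):
            hits.append(name)
    return hits


def classify_registry(line: str):
    """Map a Procmon-style 'Operation<TAB>Path' line to the signature it supports.

    Returns 'run_key_persistence', 'uac_check', 'geo_lookup' or None. Only a
    write to a Run key counts as persistence; a read of the same key does not.
    """
    op, _, path = line.partition("\t")
    op, path = op.strip(), path.strip()
    if op == "RegSetValue" and RUN_KEY_RE.search(path):
        return "run_key_persistence"
    if op == "RegQueryValue" and UAC_RE.search(path):
        return "uac_check"
    if op == "RegQueryValue" and GEO_RE.search(path):
        return "geo_lookup"
    return None


def scan_registry(lines):
    """Count how many lines support each signature."""
    counts = {}
    for line in lines:
        tag = classify_registry(line)
        if tag:
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed sample input (not real telemetry).
DNS_LOG = [
    "2025-04-24T10:01:02Z client=10.0.0.5 query=www.example.com",
    "2025-04-24T10:01:09Z client=10.0.0.5 query=raremaster77.zapto.org.",
    "2025-04-24T10:01:15Z client=10.0.0.7 query=RAREMASTER77.ZAPTO.ORG",
    "2025-04-24T10:02:00Z client=10.0.0.5 query=notraremaster77.zapto.org",
]

REGISTRY_LOG = [
    "RegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
    "RegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation",
    "RegSetValue\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate",
    "RegQueryValue\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate",
    "RegSetValue\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
]


def run_example():
    """Run both scans over the constructed input and return the findings."""
    return {"dns_hits": scan_dns(DNS_LOG), "registry": scan_registry(REGISTRY_LOG)}


if __name__ == "__main__":
    print(run_example())
```

The C2 host sits under zapto.org, a No-IP dynamic DNS zone, so the resolved address can change between runs; matching on the hostname (and anything beneath it) rather than on an IP is the durable indicator here. The file-hash check is exact by nature and will only fire on the original sample; the SSDEEP value in the report is what you would use for near-duplicate matching.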
