General

  • Target

    JaffaCakes118_effb7a805cb7d9454e631e8658d27f6c

  • Size

    44KB

  • Sample

    250505-ck6gksfk7v

  • MD5

    effb7a805cb7d9454e631e8658d27f6c

  • SHA1

    c5f069803d403aba39d19f58b7de6f40c094adff

  • SHA256

    8d45457a0952ef5eadb0b6a4e4ad716cc7adb18cda5f14510c969fa48233fc31

  • SHA512

    5f79b96de855bb9e5bac23b7f45e67e262257a8d5bdfd9d54d04abf328f03087cd33eb8e0fa4d61f1b1fd0d6bba776eb083f61051305702081c010855532c1c0

  • SSDEEP

    768:YMuM7D37uxSZPWSgix/49JMlGxzKJuBbP:YJkLZWSg0/49JMlGh4UP

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    06991120651687i

Extracted

Family

latentbot

C2

torrentpier.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application