General

  • Target

    JaffaCakes118_0805431bfb4a9d0c2fd924812a0f9d10

  • Size

    199KB

  • Sample

    250523-p8th5swn13

  • MD5

    0805431bfb4a9d0c2fd924812a0f9d10

  • SHA1

    3832119895755206e63f42e4f86590b5ea0caa82

  • SHA256

    1a6b1c60812704097b3b870fb25adee643c4690853115fb5bc3e43aef4d92a6d

  • SHA512

    4f057eddb7c054638aab75271053961f5417da9d6f27b700f9f1af24ccb917e46eba73575958e74d66ca201a538eccbce73668acc361e5f54ccd330fa9df0187

  • SSDEEP

    6144:3aIVcExS/ss3dYiNHxcmBtYhU+KVCmj1lPDWRXocMyb8L9zGsLqDdnyzNEInNvJG:qCW9zGsLqDdnynKoqX2v

Malware Config

Extracted

Family

latentbot

C2

sniperoujda.zapto.org

Targets

    • Target

      JaffaCakes118_0805431bfb4a9d0c2fd924812a0f9d10

    • Size

      199KB

    • MD5

      0805431bfb4a9d0c2fd924812a0f9d10

    • SHA1

      3832119895755206e63f42e4f86590b5ea0caa82

    • SHA256

      1a6b1c60812704097b3b870fb25adee643c4690853115fb5bc3e43aef4d92a6d

    • SHA512

      4f057eddb7c054638aab75271053961f5417da9d6f27b700f9f1af24ccb917e46eba73575958e74d66ca201a538eccbce73668acc361e5f54ccd330fa9df0187

    • SSDEEP

      6144:3aIVcExS/ss3dYiNHxcmBtYhU+KVCmj1lPDWRXocMyb8L9zGsLqDdnyzNEInNvJG:qCW9zGsLqDdnynKoqX2v

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks