General

  • Target

    JaffaCakes118_087ba7846f6017d6c49b2554d7219d10

  • Size

    165KB

  • Sample

    250524-a8vnwazyg1

  • MD5

    087ba7846f6017d6c49b2554d7219d10

  • SHA1

    936d7930f9384f4dfc89deadfd1ba3378081afe7

  • SHA256

    980c66c9b79095e5d394befacb561de1029704c91a3627609957c1d40d26b76d

  • SHA512

    296daa86c7189c077aa3fd9a2f938f0733f776fa23af9c72030dec3146abb721c375574c1bb50628d5bdb5519be2407cae485543a542c0a00608f906682d7c38

  • SSDEEP

    3072:/0ZwFm+I8Acxe6bX6cpBrOHsj+RlyNG/WhwfKh0hTwBHX1w6iH++:8yfI8O6bdPrMsylAwiyhx62

Malware Config (extracted)

  • Family

    latentbot

  • C2

    pointblank100.zapto.org

Targets

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)
