General
-
Target
JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0
-
Size
368KB
-
Sample
250604-heaevaskz5
-
MD5
0d45fe1bc53fe53c60e52c6c608d04f0
-
SHA1
63bc6687de5d89c02b81a5e5451be0f6bbc7c284
-
SHA256
521208f8666769715282e7ff58a9201d8bf5aac3f816bc91e7e62712bed27f27
-
SHA512
b14a134e0aa1e3df9473d4fb0168701a6250bc50d3a357948d334bf75ab198625a0760a348d4dd65194ef36f5af3d7fd4da2678cb5975a7ef69cdd3cda68b7a9
-
SSDEEP
6144:TpSHm8gnhTB0FbhETV5wvr2FbwdU6NigfggEGa+sd4+/kPgQ8zGaIEGY1NTtbOM3:TAG8ghTaFbaTX+KFkSJ+m/koQ8iDAhZ3
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0.exe
Resource
win11-20250502-en
Malware Config
Extracted
latentbot
sparrowjagwar.zapto.org
Targets
-
-
Target
JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0
-
Latentbot family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)