General

  • Target

    JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0

  • Size

    368KB

  • Sample

    250604-heaevaskz5

  • MD5

    0d45fe1bc53fe53c60e52c6c608d04f0

  • SHA1

    63bc6687de5d89c02b81a5e5451be0f6bbc7c284

  • SHA256

    521208f8666769715282e7ff58a9201d8bf5aac3f816bc91e7e62712bed27f27

  • SHA512

    b14a134e0aa1e3df9473d4fb0168701a6250bc50d3a357948d334bf75ab198625a0760a348d4dd65194ef36f5af3d7fd4da2678cb5975a7ef69cdd3cda68b7a9

  • SSDEEP

    6144:TpSHm8gnhTB0FbhETV5wvr2FbwdU6NigfggEGa+sd4+/kPgQ8zGaIEGY1NTtbOM3:TAG8ghTaFbaTX+KFkSJ+m/koQ8iDAhZ3

Malware Config

Extracted

Family

latentbot

C2

sparrowjagwar.zapto.org

Targets

    • Target

      JaffaCakes118_0d45fe1bc53fe53c60e52c6c608d04f0

    • Size

      368KB

    • MD5

      0d45fe1bc53fe53c60e52c6c608d04f0

    • SHA1

      63bc6687de5d89c02b81a5e5451be0f6bbc7c284

    • SHA256

      521208f8666769715282e7ff58a9201d8bf5aac3f816bc91e7e62712bed27f27

    • SHA512

      b14a134e0aa1e3df9473d4fb0168701a6250bc50d3a357948d334bf75ab198625a0760a348d4dd65194ef36f5af3d7fd4da2678cb5975a7ef69cdd3cda68b7a9

    • SSDEEP

      6144:TpSHm8gnhTB0FbhETV5wvr2FbwdU6NigfggEGa+sd4+/kPgQ8zGaIEGY1NTtbOM3:TAG8ghTaFbaTX+KFkSJ+m/koQ8iDAhZ3

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
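The block below is an added example, not part of the sandbox report and not code from the sample or the sandbox vendor. It takes the indicators the report lists (the four file digests and the LatentBot C2 hostname) and shows how a responder would use them: a length/hex sanity check that catches truncated copy-pasted hashes, an exact-match check of a file's contents against the reported digests, and simple detection rules for the behaviours the signatures above describe, run over constructed endpoint log lines. Assumptions: the "type=... key=value" log format is invented for this example (it is not a Sysmon or EDR export), and the HKCU\Control Panel\International\Geo\Nation key is an assumption about which registry location the "country code" lookup refers to; the report does not name the key.

```python
import hashlib
import re

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "0d45fe1bc53fe53c60e52c6c608d04f0",
    "sha1": "63bc6687de5d89c02b81a5e5451be0f6bbc7c284",
    "sha256": "521208f8666769715282e7ff58a9201d8bf5aac3f816bc91e7e62712bed27f27",
    "sha512": "b14a134e0aa1e3df9473d4fb0168701a6250bc50d3a357948d334bf75ab198625a"
              "0760a348d4dd65194ef36f5af3d7fd4da2678cb5975a7ef69cdd3cda68b7a9",
}
C2_DOMAIN = "sparrowjagwar.zapto.org"
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_ioc_lengths(hashes: dict = KNOWN_HASHES) -> bool:
    """Catch copy/paste truncation: each digest must be lowercase hex of the right length."""
    return all(
        len(v) == EXPECTED_HEX_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for k, v in hashes.items()
    )


def digest_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if all four digests agree with the report; one mismatch is a different file."""
    return digest_bytes(data) == KNOWN_HASHES


# Detection rules for the behaviours the report's signatures describe.
# The log line format is constructed for this example (not a real EDR/Sysmon export).
# The Geo\Nation key is an ASSUMPTION about where the "country code" lookup lands.
RULES = [
    ("latentbot_c2_dns",
     re.compile(r"type=dns .*query=" + re.escape(C2_DOMAIN) + r"(?![\w.-])", re.I)),
    ("run_key_persistence",
     re.compile(r"type=registry op=set .*\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("registry_country_lookup",
     re.compile(r"type=registry op=query .*\\International\\Geo\\Nation", re.I)),
    ("firewall_modification",
     re.compile(r"type=process .*\bnetsh\b.*\bfirewall\b", re.I)),
]


def scan_events(lines) -> list:
    """Return (rule_name, line_number) for every log line a rule matches."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((name, n))
    return hits


# Constructed sample events (not taken from the sandbox run); lines 1-4 should fire.
SAMPLE_EVENTS = [
    r"type=dns host=WS01 query=sparrowjagwar.zapto.org",
    r"type=registry op=set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc value=C:\Users\u\AppData\Roaming\svc.exe",
    r"type=registry op=query key=HKCU\Control Panel\International\Geo\Nation",
    r"type=process cmd=netsh advfirewall firewall add rule name=svc dir=in action=allow program=C:\Users\u\AppData\Roaming\svc.exe",
    r"type=dns host=WS01 query=example.com",
    r"type=registry op=query key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    print("IOC lengths valid:", validate_ioc_lengths())
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

Two practical notes: the SSDEEP value on the page is a fuzzy hash and is not covered here because comparing it needs the ssdeep tool rather than hashlib; and zapto.org is a free dynamic DNS domain, so the hostname is the durable indicator while any IP it resolves to can change between runs.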

MITRE ATT&CK Enterprise v16

Tasks