Resubmissions

  • 12/04/2024, 14:40  240412-r19aqsec6y  10
  • 12/04/2024, 14:40  240412-r18n7sec6x  10
  • 12/04/2024, 14:36  240412-rylfwsbc28  10
  • 12/04/2024, 14:36  240412-rykvcsec4t  10
  • 12/04/2024, 14:36  240412-rykjlaec4s  8
  • 09/04/2024, 07:38  240409-jgem1shg29  8
  • 09/04/2024, 07:38  240409-jgdqqahg28  10
  • 09/04/2024, 07:38  240409-jgc47ada4y  10
  • 09/04/2024, 07:38  240409-jgctesda4v  8
  • 25/12/2023, 04:54  231225-fjlybsahbr  7

General

  • Target: 2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
  • Size: 1.9MB
  • Sample: 240409-jgdqqahg28
  • MD5: 59646583129acf5244d686f15aadb25a
  • SHA1: 5b8b55dc12217eb37bd25ca61cd7aceec729e603
  • SHA256: 2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
  • SHA512: 99a4c6612de866f966f2b9f84c16ada59d3606db942011d720debe12f4b059a9aec1b7c1046231b15ae728b6a27e616056588680aa3ebcbf0340a4d6eeddb9b2
  • SSDEEP: 49152:Qe6RRRpEHQN/ThQrezxMQnXW8qaJZkRLagEoH6gFt:Q9nLEcrhhmYLwpbE+t

Malware Config

Extracted

  • Family: latentbot
  • C2: animetracker.zapto.org

Extracted

Credentials

Targets

    • Target: 2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
    • Size: 1.9MB
    • MD5: 59646583129acf5244d686f15aadb25a
    • SHA1: 5b8b55dc12217eb37bd25ca61cd7aceec729e603
    • SHA256: 2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
    • SHA512: 99a4c6612de866f966f2b9f84c16ada59d3606db942011d720debe12f4b059a9aec1b7c1046231b15ae728b6a27e616056588680aa3ebcbf0340a4d6eeddb9b2
    • SSDEEP: 49152:Qe6RRRpEHQN/ThQrezxMQnXW8qaJZkRLagEoH6gFt:Q9nLEcrhhmYLwpbE+t

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Contacts a large number (877) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks