latentbot | dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461 | Triage

Submit
Reports

Overview

overview

Static

static

3

dbfa0bedf0...61.exe

windows7-x64

7

dbfa0bedf0...61.exe

windows10-2004-x64

Sharing

General

Target

dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461
Size

382KB
Sample

240410-rtegsabb37
MD5

61c22386df656f32f45bc1928a1e5a94
SHA1

3f448c01907cf6dc39c3cdd4860accf5f222aff6
SHA256

dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461
SHA512

14e32e6b8e14b8c128515dda07d50c2b2da2a50ff60fff6b9a29d04000100b45e9fa79689ba2da36de7082257963005d33332ff30dbb121631eb405031de4c41
SSDEEP

6144:Bz+92mhAMJ/cPl3i8/hwJBXvJ+AiSWnmRR/Iq1ipEH3fa9t7SroeR43ddDWQt1S2:BK2mhAMJ/cPlJiXv4Aivmr/opq3S9g8H

Score

10^/10

latentbot netwire botnet persistence rat stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461.exe

Resource

win7-20240221-en

persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461.exe

Resource

win10v2004-20240226-en

latentbot netwire botnet persistence rat stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

netwire

C2

atlaswebportal.zapto.org:4000

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
1.6_R1_26.12.15
keylogger_dir
C:\NVIDIA\profile\
lock_executable
false
offline_keylogger
true
password
Micr0s0ft4456877
registry_autorun
false
use_mutex
false

Extracted

Family

latentbot

C2

atlaswebportal.zapto.org

Targets

- Target
  
  dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461
- Size
  
  382KB
- MD5
  
  61c22386df656f32f45bc1928a1e5a94
- SHA1
  
  3f448c01907cf6dc39c3cdd4860accf5f222aff6
- SHA256
  
  dbfa0bedf01e570f988beb7562f97356a9dc6cd97dc9908b99e99eb732f80461
- SHA512
  
  14e32e6b8e14b8c128515dda07d50c2b2da2a50ff60fff6b9a29d04000100b45e9fa79689ba2da36de7082257963005d33332ff30dbb121631eb405031de4c41
- SSDEEP
  
  6144:Bz+92mhAMJ/cPl3i8/hwJBXvJ+AiSWnmRR/Iq1ipEH3fa9t7SroeR43ddDWQt1S2:BK2mhAMJ/cPlJiXv4Aivmr/opq3S9g8H
Score

10^/10

persistence upx latentbot netwire botnet rat stealer trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

latentbotnetwirebotnetpersistenceratstealertrojanupx

© 2018-2025

Terms | Privacy