latentbot | 22b7cc83d2aed69b6a7847e1b68e4b26f95707d1c3e860e19ede76dc389b2233 | Triage

Analysis

max time kernel
22s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 23:17

Sharing

Report Analysis Logs

General

Target

rrrrr.exe
Size

164KB
MD5

c737fc46fbb37e677f7e810d505aa751
SHA1

7ce44ba399b80e09b60f5ad58463255c5f99c8ee
SHA256

d0b1fed5b21a94dda259b4fe291ae191cabfb65508643fcdc3584ecc6c5e1b96
SHA512

eea6b1a39135c04235f0f9b2982828ba55c28b7b3585f42d4130ca483a74ede758f07718453a65d2b75bad1bd3953b5fcca9a99c40fa73f4c581790a916dbd0b
SSDEEP

3072:w5l6U/Y18R8BKTfKisJRyrgfAQOEgENUq3xbD0wiH/mse7e9ZDSQ:kldtkugfAgBhb77SGQ

Score

10^/10

latentbot trojan

Malware Config

Extracted

Family

latentbot

C2

ezjpeniscola1023.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4072	rrrrr.exe
Token: 33	4072	rrrrr.exe
Token: SeIncBasePriorityPrivilege	4072	rrrrr.exe
Token: 33	4072	rrrrr.exe
Token: SeIncBasePriorityPrivilege	4072	rrrrr.exe

C:\Users\Admin\AppData\Local\Temp\rrrrr.exe
"C:\Users\Admin\AppData\Local\Temp\rrrrr.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4072-0-0x0000000074CC0000-0x0000000075271000-memory.dmp

Filesize
5.7MB

Download
memory/4072-1-0x0000000001340000-0x0000000001350000-memory.dmp

Filesize
64KB

Download
memory/4072-2-0x0000000074CC0000-0x0000000075271000-memory.dmp

Filesize
5.7MB

Download