latentbot | 2bb71ca4a70842ccc89cede0a53d1be30f9d0cc35d828e2d15c816a36eb2ff47

Resubmissions

06-05-2024 10:43

240506-mr9space53 6

04-05-2024 18:27

240504-w32qwsee9y 10

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cpuhunter-master/WindowsFiles/is-dd.vbs/1kb.exe
Size

68KB
MD5

c712f7d5e28f63944da9c172ae5a1c01
SHA1

20f6b08fc5275b810c8c7858e2d2ddff0899cbd5
SHA256

343af74503346bb2c048807a261b774abcb8854c36dcb661edcf26b0a6d2113d
SHA512

f93be79fd844ae038aab73043e4d1932370b380566ebf0260f4b7f135627c4950a23ad4fc0626ca6ad6343224c328a364249ac5e91e5071009829c9e0bebe4a5
SSDEEP

1536:v833jyLRqb8fkf+0kR9Y3EZAdJyQd3WCJUJ:033jSRqB3u9Y3EyJyQdmCw

Score

10^/10

latentbot trojan

Malware Config

Extracted

Family

latentbot

spontela211.zapto.org

spontela213.zapto.org

spontela219.zapto.org

spontela215.zapto.org

spontela217.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	400	1kb.exe

C:\Users\Admin\AppData\Local\Temp\cpuhunter-master\WindowsFiles\is-dd.vbs\1kb.exe
"C:\Users\Admin\AppData\Local\Temp\cpuhunter-master\WindowsFiles\is-dd.vbs\1kb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/400-0-0x00000000746A2000-0x00000000746A3000-memory.dmp

Filesize
4KB

Download
memory/400-1-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download
memory/400-2-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download
memory/400-3-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download
memory/400-4-0x00000000746A2000-0x00000000746A3000-memory.dmp

Filesize
4KB

Download
memory/400-5-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download
memory/400-6-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download
memory/400-7-0x00000000746A0000-0x0000000074C51000-memory.dmp

Filesize
5.7MB

Download