latentbot

General

Target

aEnviar.zip
Size

5.3MB
Sample

240507-xracyadd49
MD5

32a7fe27038c1e9fe030467786f4a727
SHA1

547a4748d8504b8f0a016d378c515f8edd38ba0e
SHA256

bad303ed2137a6176cb437bac01791856e8d5d89698ae72d7e3d4601f94b9cb1
SHA512

93ebb3485084710130292a91cbbbd794a919248653d9f564599abdcbf4290b604b82409a0626aacb2d24967ad426faf7049c016fc4349b161fe41eed852584ea
SSDEEP

98304:bl7g6Rj0FVaqol7g6Rj0FVaqOVPtKRAOiDyAMukgO/Yd6ZuXB3q3bvlYbd:50OT0Otn1OUkgO/QJieJ

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

NaWee

C2

zayprostofyrim.zapto.org:8080

Mutex

4d22ea2c-7165-4e19-b5fe-0850e5b37080

Attributes

encryption_key
97F480AFD18B078BDCDBAF4CB14583954161150A
install_name
Runtime Broker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
DriversUpdate

Extracted

Family

latentbot

C2

zayprostofyrim.zapto.org

Targets

- Target
  
  Runtime Broker.exe
- Size
  
  2.8MB
- MD5
  
  31a412ad6c5741c529a72949aa024aa4
- SHA1
  
  c44abf72990200f1d01d80595d0182e2cb43b025
- SHA256
  
  abc3808c270535ee113955102a4d007a1e8c7a534292822df060ab22b05681c8
- SHA512
  
  d52694593d960746cae9235d2803005a1e4f6aa10b127537908be0fb81da869191d473b685e3ad7a3ad3210cfe7a99c50d9b4f6ffbea4523efcecb35d1033560
- SSDEEP
  
  49152:d5UzfQXMgwdwpXA2dcMr+mWwx6re1+mKfzUfwza32ehyfTBm:d5U7QXMgwdwNddcMr+mWwx6615K6
Score

10^/10

latentbot quasar nawee spyware trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Runtime_Broker.exe
- Size
  
  2.8MB
- MD5
  
  31a412ad6c5741c529a72949aa024aa4
- SHA1
  
  c44abf72990200f1d01d80595d0182e2cb43b025
- SHA256
  
  abc3808c270535ee113955102a4d007a1e8c7a534292822df060ab22b05681c8
- SHA512
  
  d52694593d960746cae9235d2803005a1e4f6aa10b127537908be0fb81da869191d473b685e3ad7a3ad3210cfe7a99c50d9b4f6ffbea4523efcecb35d1033560
- SSDEEP
  
  49152:d5UzfQXMgwdwpXA2dcMr+mWwx6re1+mKfzUfwza32ehyfTBm:d5U7QXMgwdwNddcMr+mWwx6615K6
Score

10^/10

latentbot quasar nawee spyware trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral3 behavioral4
- Target
  
  updater.exe
- Size
  
  7.8MB
- MD5
  
  87beedbe66a91619f1a4186ef85e052e
- SHA1
  
  9f9b24022d0ad059fd24a2b9c94cdac87a399184
- SHA256
  
  d1ea28dee35382c510a49e4304ed7cead25bcee5cc869c73c9c53f333139e060
- SHA512
  
  f91a4d29d55b990c568eabc51e685f054f6d2a5fc42bf0f8371c435f521c752c9dc582ec0a52d98a03253bc6b09d26feb0a9bd2b95dec55403ab73374b9e4cb9
- SSDEEP
  
  98304:P+U9oUzsxBTVgMY9Sh+a+XkHzrkg8wBYzS0XMqdazDU1Cf1bkUTktjT1/TW2L8mq:EVBTTT/Y7Te1LWZH7lDskNk1ws
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Quasar RAT

Quasar payload

Executes dropped EXE

LatentBot

Quasar RAT

Quasar payload

Executes dropped EXE

xmrig

XMRig Miner payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6