latentbot | 44c8c595d1f177a4ecb24cf3f87ea1268d412e090a94ccfa8bae7f481782f582 | Triage

Sharing

General

Target

19e625fa44c4036e589ccfccf5402ee7_JaffaCakes118
Size

692KB
Sample

240628-m91bzawemf
MD5

19e625fa44c4036e589ccfccf5402ee7
SHA1

335bd21b3b0ee82df371ead3ec7935c55fe395c0
SHA256

44c8c595d1f177a4ecb24cf3f87ea1268d412e090a94ccfa8bae7f481782f582
SHA512

4d30863bea7c66d05ec85103d55d3f183f414e7e863eb2ee535cdd3198b067bc66301776697747d66edc485c2946c634df65754ae1f96e3d7b362454c1bd57cc
SSDEEP

12288:eo2VOCmcf8y/uEtW2ofMca8OXfPM0KUs7wcNI9vk3gnmN3cYt8dL:d12ofMcQfPMXU+wVGbNsY

Score

10^/10

latentbot bootkit evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

1juliagaetz.zapto.org

2juliagaetz.zapto.org

3juliagaetz.zapto.org

4juliagaetz.zapto.org

5juliagaetz.zapto.org

6juliagaetz.zapto.org

7juliagaetz.zapto.org

8juliagaetz.zapto.org

Targets

- Target
  
  19e625fa44c4036e589ccfccf5402ee7_JaffaCakes118
- Size
  
  692KB
- MD5
  
  19e625fa44c4036e589ccfccf5402ee7
- SHA1
  
  335bd21b3b0ee82df371ead3ec7935c55fe395c0
- SHA256
  
  44c8c595d1f177a4ecb24cf3f87ea1268d412e090a94ccfa8bae7f481782f582
- SHA512
  
  4d30863bea7c66d05ec85103d55d3f183f414e7e863eb2ee535cdd3198b067bc66301776697747d66edc485c2946c634df65754ae1f96e3d7b362454c1bd57cc
- SSDEEP
  
  12288:eo2VOCmcf8y/uEtW2ofMca8OXfPM0KUs7wcNI9vk3gnmN3cYt8dL:d12ofMcQfPMXU+wVGbNsY
Score

10^/10

latentbot bootkit evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotbootkitevasionpersistencetrojan

behavioral2

latentbotbootkitevasionpersistencetrojan