latentbot | 91417453ca93295c0ff5197f7a935600e01805f56a3f7c2625169d3c56cd639d | Triage

Sharing

General

Target

2e0914aef5690cebe3e4b3c3a1e8d939_JaffaCakes118
Size

928KB
Sample

240708-2a95fsvaqf
MD5

2e0914aef5690cebe3e4b3c3a1e8d939
SHA1

80c3bca2da21bc36b2c86888bf78c6d4c0581179
SHA256

91417453ca93295c0ff5197f7a935600e01805f56a3f7c2625169d3c56cd639d
SHA512

fba20bc120dc42ea40c16b05faef9e62cf66f9dd97dd9d6e3f24bc4da022c79eaad3ac141b6c03c11acfac9e11f05ff4770999917b3e3ce9ae4cb91a261c4f4a
SSDEEP

12288:9qgLFJVINwH6OjUpGmmG3s82e7ms2fHLuEvdu+yg5hhy+ZhFQMmNxTFfB2oPcFQi:98i7Nr8+P2B2hqhdH3sxz

Score

10^/10

latentbot evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

essstzttztz.zapto.org

Targets

- Target
  
  2e0914aef5690cebe3e4b3c3a1e8d939_JaffaCakes118
- Size
  
  928KB
- MD5
  
  2e0914aef5690cebe3e4b3c3a1e8d939
- SHA1
  
  80c3bca2da21bc36b2c86888bf78c6d4c0581179
- SHA256
  
  91417453ca93295c0ff5197f7a935600e01805f56a3f7c2625169d3c56cd639d
- SHA512
  
  fba20bc120dc42ea40c16b05faef9e62cf66f9dd97dd9d6e3f24bc4da022c79eaad3ac141b6c03c11acfac9e11f05ff4770999917b3e3ce9ae4cb91a261c4f4a
- SSDEEP
  
  12288:9qgLFJVINwH6OjUpGmmG3s82e7ms2fHLuEvdu+yg5hhy+ZhFQMmNxTFfB2oPcFQi:98i7Nr8+P2B2hqhdH3sxz
Score

10^/10

latentbot evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasionpersistencetrojan

behavioral2

latentbotevasionpersistencetrojan