latentbot | 223364303e379b4167dfb88d14588bdefe813fd5739c3d4b4e31ddacd7eb2652 | Triage

Submit
Reports

Overview

overview

Static

static

3

2e0af84f66...18.exe

windows7-x64

2e0af84f66...18.exe

windows10-2004-x64

Sharing

General

Target

2e0af84f66d41d82bd31910925ff0586_JaffaCakes118
Size

416KB
Sample

240708-2cx8nssbrr
MD5

2e0af84f66d41d82bd31910925ff0586
SHA1

c3c48f53fbafd2b5e225510c8c06ca8652a101e0
SHA256

223364303e379b4167dfb88d14588bdefe813fd5739c3d4b4e31ddacd7eb2652
SHA512

fa9c26701341030b43c5abfa4e518924eed80dafc058510d43baf7a580cc8dd712b114df9da3d91c9824542c70b663e4e6e7ca30ae5b6e058f642bf13c80fc7b
SSDEEP

6144:azN59KE1Lr8Wg4910iZN5xlCgNrmeSGUxIjJoKFpM61Uqo:azN59L8WhNLxlV1pSGXpz1UL

Score

10^/10

latentbot bootkit evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e0af84f66d41d82bd31910925ff0586_JaffaCakes118.exe

Resource

win7-20240704-en

latentbot bootkit evasion persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e0af84f66d41d82bd31910925ff0586_JaffaCakes118.exe

Resource

win10v2004-20240704-en

latentbot bootkit evasion persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

nyandcompany.zapto.org

1nyandcompany.zapto.org

2nyandcompany.zapto.org

3nyandcompany.zapto.org

4nyandcompany.zapto.org

5nyandcompany.zapto.org

6nyandcompany.zapto.org

7nyandcompany.zapto.org

8nyandcompany.zapto.org

Targets

- Target
  
  2e0af84f66d41d82bd31910925ff0586_JaffaCakes118
- Size
  
  416KB
- MD5
  
  2e0af84f66d41d82bd31910925ff0586
- SHA1
  
  c3c48f53fbafd2b5e225510c8c06ca8652a101e0
- SHA256
  
  223364303e379b4167dfb88d14588bdefe813fd5739c3d4b4e31ddacd7eb2652
- SHA512
  
  fa9c26701341030b43c5abfa4e518924eed80dafc058510d43baf7a580cc8dd712b114df9da3d91c9824542c70b663e4e6e7ca30ae5b6e058f642bf13c80fc7b
- SSDEEP
  
  6144:azN59KE1Lr8Wg4910iZN5xlCgNrmeSGUxIjJoKFpM61Uqo:azN59L8WhNLxlV1pSGXpz1UL
Score

10^/10

latentbot bootkit evasion persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotbootkitevasionpersistencetrojanupx

behavioral2

latentbotbootkitevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy