latentbot | 6f6113b1d0fe8aa2a498ef3eee730f3671053bbcfa6f278a346e282e0456168b | Triage

Submit
Reports

Overview

overview

Static

static

3

4008d944bb...18.exe

windows7-x64

4008d944bb...18.exe

windows10-2004-x64

Sharing

General

Target

4008d944bb4485acce770a431b395ba0_JaffaCakes118
Size

295KB
Sample

240713-d5l44swfje
MD5

4008d944bb4485acce770a431b395ba0
SHA1

5feca63cf3d3d2a0ef623fe9a56f76da5f238519
SHA256

6f6113b1d0fe8aa2a498ef3eee730f3671053bbcfa6f278a346e282e0456168b
SHA512

a9b5e3ad27d5866abfa28f2913dc14244757367dc4e7e9ba56bf4dcc4395eabb9b50943f8eab7fc885868d2ee547d6b96c1c9909207bf71e37ea8bde09c00353
SSDEEP

6144:0soOO2JucbF9AwphUegCEe9dbAOSFGQQytBWoL:voan9AuhrwGAOSFUYL

Score

10^/10

latentbot evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4008d944bb4485acce770a431b395ba0_JaffaCakes118.exe

Resource

win7-20240704-en

latentbot evasion persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4008d944bb4485acce770a431b395ba0_JaffaCakes118.exe

Resource

win10v2004-20240709-en

latentbot evasion persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

propagandagreifing.zapto.org

Targets

- Target
  
  4008d944bb4485acce770a431b395ba0_JaffaCakes118
- Size
  
  295KB
- MD5
  
  4008d944bb4485acce770a431b395ba0
- SHA1
  
  5feca63cf3d3d2a0ef623fe9a56f76da5f238519
- SHA256
  
  6f6113b1d0fe8aa2a498ef3eee730f3671053bbcfa6f278a346e282e0456168b
- SHA512
  
  a9b5e3ad27d5866abfa28f2913dc14244757367dc4e7e9ba56bf4dcc4395eabb9b50943f8eab7fc885868d2ee547d6b96c1c9909207bf71e37ea8bde09c00353
- SSDEEP
  
  6144:0soOO2JucbF9AwphUegCEe9dbAOSFGQQytBWoL:voan9AuhrwGAOSFUYL
Score

10^/10

latentbot evasion persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasionpersistencetrojanupx

behavioral2

latentbotevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy