latentbot | 8a475b9ed64dfc045e031c84d54086971c5f3923b4e12839c2d82665e3708a82 | Triage

Sharing

General

Target

4ae76ddfeed12c84125007eb18d64ddc_JaffaCakes118
Size

597KB
Sample

240715-w8yw7atekk
MD5

4ae76ddfeed12c84125007eb18d64ddc
SHA1

9445dd42f9c617507d609d1bf445eed39d0da427
SHA256

8a475b9ed64dfc045e031c84d54086971c5f3923b4e12839c2d82665e3708a82
SHA512

22269d8bd32e4f16386bf065b7e5d519879cf8c9f127f912c9b6beefb51179438f045a800e056f94fbefa75df7145c6e265ce67f91f7c7fd7218da58fb2de453
SSDEEP

12288:n0ufUG9vKSDkfJWNvzfY0zInjjw/0rYD3nmC/zstEaDR5V/N/ZUs4Hh:h7lDkf0vzfYHnHw/0rYD3n1/zmR5VV/0

Score

10^/10

latentbot persistence trojan

Malware Config

Extracted

Family

latentbot

C2

31dbff04ffa60f2b4.zapto.org

Targets

- Target
  
  4ae76ddfeed12c84125007eb18d64ddc_JaffaCakes118
- Size
  
  597KB
- MD5
  
  4ae76ddfeed12c84125007eb18d64ddc
- SHA1
  
  9445dd42f9c617507d609d1bf445eed39d0da427
- SHA256
  
  8a475b9ed64dfc045e031c84d54086971c5f3923b4e12839c2d82665e3708a82
- SHA512
  
  22269d8bd32e4f16386bf065b7e5d519879cf8c9f127f912c9b6beefb51179438f045a800e056f94fbefa75df7145c6e265ce67f91f7c7fd7218da58fb2de453
- SSDEEP
  
  12288:n0ufUG9vKSDkfJWNvzfY0zInjjw/0rYD3nmC/zstEaDR5V/N/ZUs4Hh:h7lDkf0vzfYHnHw/0rYD3n1/zmR5VV/0
Score

10^/10

latentbot persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

latentbotpersistencetrojan