latentbot | 89869e327940caa8a7de6aa106598d2e5f561f7156dbd516d283a59ef99b405f | Triage

Sharing

General

Target

511cc263f68d7a61763b79ec5444081e_JaffaCakes118
Size

336KB
Sample

240717-czn6vavdmd
MD5

511cc263f68d7a61763b79ec5444081e
SHA1

28e041a383ecfbb4efc3fd22352313adcbbf6a5c
SHA256

89869e327940caa8a7de6aa106598d2e5f561f7156dbd516d283a59ef99b405f
SHA512

9c3166bf2bbd157aeee0f27fb306fa09657c47f83263efe6777022350233a1a84235226ee5bc0419d2516c62ddf28c2efdf6e7f3285a6b63b10a09e9bd2105d3
SSDEEP

6144:FG78LjzOANvSAsQLqF9pXMiY3sGB6UduRfLtcl:07kmAN6omFMb3sGB6UduRfLal

Score

10^/10

latentbot evasion trojan

Malware Config

Extracted

Family

latentbot

C2

darkcomet30.zapto.org

Targets

- Target
  
  511cc263f68d7a61763b79ec5444081e_JaffaCakes118
- Size
  
  336KB
- MD5
  
  511cc263f68d7a61763b79ec5444081e
- SHA1
  
  28e041a383ecfbb4efc3fd22352313adcbbf6a5c
- SHA256
  
  89869e327940caa8a7de6aa106598d2e5f561f7156dbd516d283a59ef99b405f
- SHA512
  
  9c3166bf2bbd157aeee0f27fb306fa09657c47f83263efe6777022350233a1a84235226ee5bc0419d2516c62ddf28c2efdf6e7f3285a6b63b10a09e9bd2105d3
- SSDEEP
  
  6144:FG78LjzOANvSAsQLqF9pXMiY3sGB6UduRfLtcl:07kmAN6omFMb3sGB6UduRfLal
Score

10^/10

latentbot evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasiontrojan

behavioral2

latentbotevasiontrojan