latentbot | 65f36d5e606af1c0c2f7d4f5103646f769c22e4ff4aed88476438662316d5da5 | Triage

Submit
Reports

Overview

overview

Static

static

3

567011a9f1...18.exe

windows7-x64

567011a9f1...18.exe

windows10-2004-x64

Sharing

General

Target

567011a9f1f4d04e6405f7c343deb67d_JaffaCakes118
Size

193KB
Sample

240718-jne75asenf
MD5

567011a9f1f4d04e6405f7c343deb67d
SHA1

bb6144594cbe4fffac20421c3d0013cc20ec8c19
SHA256

65f36d5e606af1c0c2f7d4f5103646f769c22e4ff4aed88476438662316d5da5
SHA512

f78014f1374d8914409ce48722cb1f8b4c3254afdc5a7bd001d45c964f993822037a4fbbb3d882c2a5528a1daa7063f4f7abb21f25a32297ee58d946c6d5240a
SSDEEP

3072:ipEiMxnf453AHnkh0vIy+GM1peZtWoA0iLmemn3cCV70P4kLY9Km6Vpr6mptxany:igA5g1QHp4AFmns1XY9B6/Gmptxany

Score

10^/10

latentbot evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

567011a9f1f4d04e6405f7c343deb67d_JaffaCakes118.exe

Resource

win7-20240704-en

latentbot evasion persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

567011a9f1f4d04e6405f7c343deb67d_JaffaCakes118.exe

Resource

win10v2004-20240709-en

latentbot evasion persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

win32tcpserver.zapto.org

1win32tcpserver.zapto.org

2win32tcpserver.zapto.org

3win32tcpserver.zapto.org

4win32tcpserver.zapto.org

5win32tcpserver.zapto.org

6win32tcpserver.zapto.org

7win32tcpserver.zapto.org

8win32tcpserver.zapto.org

Targets

- Target
  
  567011a9f1f4d04e6405f7c343deb67d_JaffaCakes118
- Size
  
  193KB
- MD5
  
  567011a9f1f4d04e6405f7c343deb67d
- SHA1
  
  bb6144594cbe4fffac20421c3d0013cc20ec8c19
- SHA256
  
  65f36d5e606af1c0c2f7d4f5103646f769c22e4ff4aed88476438662316d5da5
- SHA512
  
  f78014f1374d8914409ce48722cb1f8b4c3254afdc5a7bd001d45c964f993822037a4fbbb3d882c2a5528a1daa7063f4f7abb21f25a32297ee58d946c6d5240a
- SSDEEP
  
  3072:ipEiMxnf453AHnkh0vIy+GM1peZtWoA0iLmemn3cCV70P4kLY9Km6Vpr6mptxany:igA5g1QHp4AFmns1XY9B6/Gmptxany
Score

10^/10

latentbot evasion persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasionpersistencetrojanupx

behavioral2

latentbotevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy