latentbot | 13696fe74cc11c0f4956dd7b9b7bf1f1472d4a99db50709f995bfbd661c4f985 | Triage

Sharing

General

Target

58dbcf248fa9a4af5d313cd4ef8e3ad6_JaffaCakes118
Size

258KB
Sample

240718-yr68catepn
MD5

58dbcf248fa9a4af5d313cd4ef8e3ad6
SHA1

6901a4ad179b518ad698a4472256d1783030a022
SHA256

13696fe74cc11c0f4956dd7b9b7bf1f1472d4a99db50709f995bfbd661c4f985
SHA512

713bd7c925d96bc11f5669bcfe77ab5b221a7d412c69a7a023e2ae8add55307551495e584b9d54c87c41323993b9b0ef4fc3d74d8a2701596c6f8013b87495aa
SSDEEP

3072:5G5rMlaTgOidzLWvI+Mgrq4NebArAntnU9cIw+cMYm0bPw0ctcYYYYYYYYYYYYYc:5GySidW9qaCArAtU9sMAPwJ

Score

10^/10

latentbot persistence trojan

Malware Config

Extracted

Family

latentbot

C2

lorelyfaggot.zapto.org

Targets

- Target
  
  58dbcf248fa9a4af5d313cd4ef8e3ad6_JaffaCakes118
- Size
  
  258KB
- MD5
  
  58dbcf248fa9a4af5d313cd4ef8e3ad6
- SHA1
  
  6901a4ad179b518ad698a4472256d1783030a022
- SHA256
  
  13696fe74cc11c0f4956dd7b9b7bf1f1472d4a99db50709f995bfbd661c4f985
- SHA512
  
  713bd7c925d96bc11f5669bcfe77ab5b221a7d412c69a7a023e2ae8add55307551495e584b9d54c87c41323993b9b0ef4fc3d74d8a2701596c6f8013b87495aa
- SSDEEP
  
  3072:5G5rMlaTgOidzLWvI+Mgrq4NebArAntnU9cIw+cMYm0bPw0ctcYYYYYYYYYYYYYc:5GySidW9qaCArAtU9sMAPwJ
Score

10^/10

latentbot persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotpersistencetrojan

behavioral2

latentbotpersistencetrojan