latentbot | d4a8a55eea33b7b0c64416c586edc4226aa9324d881c9fc00220e34e3600752f | Triage

Submit
Reports

Overview

overview

Static

static

7

58f69dae70...18.exe

windows7-x64

58f69dae70...18.exe

windows10-2004-x64

7

Sharing

General

Target

58f69dae708d47196a060103e44b7179_JaffaCakes118
Size

1.1MB
Sample

240718-zclhrsveln
MD5

58f69dae708d47196a060103e44b7179
SHA1

9669a2e3601be7b13890db641f2335009abb2642
SHA256

d4a8a55eea33b7b0c64416c586edc4226aa9324d881c9fc00220e34e3600752f
SHA512

e8f88a4884c1fd99853f278cfd34db2c2b6f6d93fe0057bd0428d4580fb9bb402da1014156004ac22f1bbe132854434ffff475c5bbb9a438df96c6b2c30ea205
SSDEEP

24576:id0L4tOPisBId5Euehd63IemrlN2qRL6ccms4f:kltOP8d5EpCKrXRLFlH

Score

10^/10

latentbot evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

58f69dae708d47196a060103e44b7179_JaffaCakes118.exe

Resource

win7-20240708-en

latentbot evasion themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

58f69dae708d47196a060103e44b7179_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

atualizador.zapto.org

Targets

- Target
  
  58f69dae708d47196a060103e44b7179_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  58f69dae708d47196a060103e44b7179
- SHA1
  
  9669a2e3601be7b13890db641f2335009abb2642
- SHA256
  
  d4a8a55eea33b7b0c64416c586edc4226aa9324d881c9fc00220e34e3600752f
- SHA512
  
  e8f88a4884c1fd99853f278cfd34db2c2b6f6d93fe0057bd0428d4580fb9bb402da1014156004ac22f1bbe132854434ffff475c5bbb9a438df96c6b2c30ea205
- SSDEEP
  
  24576:id0L4tOPisBId5Euehd63IemrlN2qRL6ccms4f:kltOP8d5EpCKrXRLFlH
Score

10^/10

latentbot evasion themida trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasionthemidatrojan

behavioral2

© 2018-2025

Terms | Privacy