latentbot | afb976855a579c48d62c6ae4ea7e2c52b7c9a651c25ae999c38cac1f10b16a06 | Triage

Submit
Reports

Overview

overview

Static

static

3

5b46786e8b...18.exe

windows7-x64

5b46786e8b...18.exe

windows10-2004-x64

Sharing

General

Target

5b46786e8b21decf3c37cd22683d79f9_JaffaCakes118
Size

262KB
Sample

240719-k1jlraweph
MD5

5b46786e8b21decf3c37cd22683d79f9
SHA1

8e30e3313ad2149959ba4c4eb6a4652afb140413
SHA256

afb976855a579c48d62c6ae4ea7e2c52b7c9a651c25ae999c38cac1f10b16a06
SHA512

00c791eff9a69d7b249d3b1bd2f8aa6095a8380f24e20c85cf20154dc747d51a5380fa6b6a77d37704ae7308b04f0b412c900cf395d9164a0407dcb62fe88228
SSDEEP

6144:WZANI8hAiQIPClbtwdGd2mJjzDNwAAzQ9:7C8hqtwde2m5P6tzO

Score

10^/10

latentbot modiloader evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b46786e8b21decf3c37cd22683d79f9_JaffaCakes118.exe

Resource

win7-20240705-en

latentbot modiloader evasion persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b46786e8b21decf3c37cd22683d79f9_JaffaCakes118.exe

Resource

win10v2004-20240709-en

latentbot modiloader evasion persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

kankabengeldim.zapto.org

Targets

- Target
  
  5b46786e8b21decf3c37cd22683d79f9_JaffaCakes118
- Size
  
  262KB
- MD5
  
  5b46786e8b21decf3c37cd22683d79f9
- SHA1
  
  8e30e3313ad2149959ba4c4eb6a4652afb140413
- SHA256
  
  afb976855a579c48d62c6ae4ea7e2c52b7c9a651c25ae999c38cac1f10b16a06
- SHA512
  
  00c791eff9a69d7b249d3b1bd2f8aa6095a8380f24e20c85cf20154dc747d51a5380fa6b6a77d37704ae7308b04f0b412c900cf395d9164a0407dcb62fe88228
- SSDEEP
  
  6144:WZANI8hAiQIPClbtwdGd2mJjzDNwAAzQ9:7C8hqtwde2m5P6tzO
Score

10^/10

latentbot modiloader evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotmodiloaderevasionpersistencetrojan

behavioral2

latentbotmodiloaderevasionpersistencetrojan

© 2018-2025

Terms | Privacy