latentbot | be8d2b084701ce57b21780e2bbacb098c34894ffdc8a4d1bf97723cc859eb507 | Triage

Sharing

General

Target

67aeaa08b19f9d8cb700a9ed15f6dc64_JaffaCakes118
Size

1.0MB
Sample

240723-p6sh3a1bnm
MD5

67aeaa08b19f9d8cb700a9ed15f6dc64
SHA1

c488187f47507c045b5ea16ce26870b573ea7d24
SHA256

be8d2b084701ce57b21780e2bbacb098c34894ffdc8a4d1bf97723cc859eb507
SHA512

b192fd9d2eccc3eacdb1587485b23761957e2bb4a17be6737bcc8794275c287d7fc68a808ed372caaee5f3367b2fb081deeab7af9b0de96cf327f552df6c4906
SSDEEP

12288:06eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75Li:0nQkTf4d+INGxetl0GrBb/A6752

Score

10^/10

latentbot evasion trojan

Malware Config

Extracted

Family

latentbot

C2

patrickstar23.zapto.org

1patrickstar23.zapto.org

2patrickstar23.zapto.org

3patrickstar23.zapto.org

4patrickstar23.zapto.org

5patrickstar23.zapto.org

6patrickstar23.zapto.org

7patrickstar23.zapto.org

8patrickstar23.zapto.org

Targets

- Target
  
  EJ.Technologies.Exe4j.v4.1.1.LiNUX.Incl.Keygen-FALLEN.exe
- Size
  
  1024KB
- MD5
  
  5218d29024fe782f2b3a89c8f2126280
- SHA1
  
  00c48ebcf9eebce4e6553685b51e81bf5ae157e1
- SHA256
  
  bd7d710c5e3bcef37896ef22a6ff38128064a2ad870799da3c88466fc71b9d70
- SHA512
  
  6a14eba5410dbb9a2104652a66136003e5c83e4639180588b507a5a18c047ac77fe8c59d48808ad4e51b1482c0ebe47bf18a29699dbc92585af0b8001f10caf8
- SSDEEP
  
  12288:a6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75L:anQkTf4d+INGxetl0GrBb/A675
Score

10^/10

latentbot evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotevasiontrojan

behavioral2

latentbotevasiontrojan