General

  • Target

    cd10c8d760988e3e110307788f0974e0N.exe

  • Size

    624KB

  • Sample

    240803-wre3ravhjf

  • MD5

    cd10c8d760988e3e110307788f0974e0

  • SHA1

    5b154258460704474a8f1cf82b1c5c1403c11cb4

  • SHA256

    035e40a53750865cd0dcb3d431ca48efe532082a4a80ed658e87a0343788fb61

  • SHA512

    ebef5f6e0b18a9aec44973169ebf25fe66089e573c6f9af8be59af85c86fce5c6b8aa27795a821a209bb77275b98f71cbbb92e9fb93d0f58504c4ab02fb1cb6b

  • SSDEEP

    12288:PzQOcFegUZYsJiJvjFoO7wiLOyEXfd8Vw8FIeVWhg:0OGvjFoOUHXl8u8Fj

Malware Config

Extracted

Family

latentbot

C2

extremehacker.zapto.org

Targets

    • Target

      cd10c8d760988e3e110307788f0974e0N.exe

    • Size

      624KB

    • MD5

      cd10c8d760988e3e110307788f0974e0

    • SHA1

      5b154258460704474a8f1cf82b1c5c1403c11cb4

    • SHA256

      035e40a53750865cd0dcb3d431ca48efe532082a4a80ed658e87a0343788fb61

    • SHA512

      ebef5f6e0b18a9aec44973169ebf25fe66089e573c6f9af8be59af85c86fce5c6b8aa27795a821a209bb77275b98f71cbbb92e9fb93d0f58504c4ab02fb1cb6b

    • SSDEEP

      12288:PzQOcFegUZYsJiJvjFoO7wiLOyEXfd8Vw8FIeVWhg:0OGvjFoOUHXl8u8Fj

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks