latentbot | 9b0d3e63e3167214577b30e6f2e19034414f2f565c708f689de51390fe0c772e | Triage

Sharing

General

Target

9c1c607c7085f6819346979715dda033_JaffaCakes118
Size

981KB
Sample

240815-3s47laxbpm
MD5

9c1c607c7085f6819346979715dda033
SHA1

166414beefabaf1866cfdfea8a72b222dcc674dc
SHA256

9b0d3e63e3167214577b30e6f2e19034414f2f565c708f689de51390fe0c772e
SHA512

f1824dd69f9250664c71ae28d5b1045c6551abc5af61f9f44cc0f877de722acb7100d72486584df614979dc27222dba1e1dbeddd02161afc633fab68670176b9
SSDEEP

24576:T/////76QhEtOa5VxNmfFWBlI9G4hOkjIIkGhBLE:fREtO8xNmwB293rIvqB

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

1rockanimal.zapto.org

2rockanimal.zapto.org

3rockanimal.zapto.org

4rockanimal.zapto.org

5rockanimal.zapto.org

6rockanimal.zapto.org

7rockanimal.zapto.org

8rockanimal.zapto.org

Targets

- Target
  
  9c1c607c7085f6819346979715dda033_JaffaCakes118
- Size
  
  981KB
- MD5
  
  9c1c607c7085f6819346979715dda033
- SHA1
  
  166414beefabaf1866cfdfea8a72b222dcc674dc
- SHA256
  
  9b0d3e63e3167214577b30e6f2e19034414f2f565c708f689de51390fe0c772e
- SHA512
  
  f1824dd69f9250664c71ae28d5b1045c6551abc5af61f9f44cc0f877de722acb7100d72486584df614979dc27222dba1e1dbeddd02161afc633fab68670176b9
- SSDEEP
  
  24576:T/////76QhEtOa5VxNmfFWBlI9G4hOkjIIkGhBLE:fREtO8xNmwB293rIvqB
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan