latentbot | f501478c244e4901911f65b0576d829478f5fa7c6a228a5e6b00ddd955eb7767 | Triage

Sharing

General

Target

b006ddde6d0087906f9d4cccdac5bd35_JaffaCakes118
Size

4.0MB
Sample

240820-vaej8asgkb
MD5

b006ddde6d0087906f9d4cccdac5bd35
SHA1

e13b9f6aef4e67d2fe0f97de8cc7142af54df547
SHA256

f501478c244e4901911f65b0576d829478f5fa7c6a228a5e6b00ddd955eb7767
SHA512

5a70d12955a556a78f2323fbd717066fdb24b16f0ddeb109da6d8355e9ca29fbc28be5704093a5b068ee6614cf493568b56335b23c80cfecc916977020cff413
SSDEEP

12288:q6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75Li:qnQkTf4d+INGxetl0GrBb/A6752

Score

10^/10

latentbot discovery evasion trojan

Malware Config

Extracted

Family

latentbot

C2

patrickstar23.zapto.org

1patrickstar23.zapto.org

2patrickstar23.zapto.org

3patrickstar23.zapto.org

4patrickstar23.zapto.org

5patrickstar23.zapto.org

6patrickstar23.zapto.org

7patrickstar23.zapto.org

8patrickstar23.zapto.org

Targets

- Target
  
  DVM.Software.Score.Chart.Pro.Edition.v2.6.4.3.Incl.Keygen.Incl.Keygen.and.Patch-Lz0.exe
- Size
  
  4.0MB
- MD5
  
  7390fb261650e9015a00c29c61ac3677
- SHA1
  
  26ff56591d829d03c5968c2959631a13213ee505
- SHA256
  
  f507b2877afe1b0b8b53a3ab4481a5c17610c9570b1f85132cedb52192922ff4
- SHA512
  
  8f784b768d8052f037f0a1b243e083262fa1758e9c156009aa5b454a13da608c5a8ac2c9e45a567744d044973ccdddebcb8b3a69c44b8360e28575b82c429c52
- SSDEEP
  
  12288:a6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75L:anQkTf4d+INGxetl0GrBb/A675
Score

10^/10

latentbot discovery evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasiontrojan

behavioral2

latentbotdiscoveryevasiontrojan