latentbot | 79b02064715e60884ee53f29f23221564de7e3b8e984e65fca0082fdffdcf79b | Triage

Sharing

General

Target

b532e05e779500bdc9e81ab68df32054_JaffaCakes118
Size

258KB
Sample

240821-1tjaeasfmf
MD5

b532e05e779500bdc9e81ab68df32054
SHA1

9d8b85646be71642dea0f488d5aa0b82e9fd75f2
SHA256

79b02064715e60884ee53f29f23221564de7e3b8e984e65fca0082fdffdcf79b
SHA512

8bf8199dc7fbf9121a2e15174d9506e8630a1cbc75aa5ac56fd97e01be8d517408b939b0bb3b6263adc86a7a5a1b12753d3cedee62ebdbd59aa17e8f28eab91e
SSDEEP

3072:5G5rMlaTgOidzLWvI+Mgrq4NebArAntnU9cIw+cMYm0bPw0ctcYYYYYYYYYYYYYc:5GySidW9qaCArAtU9sMAPwJ

Score

10^/10

latentbot persistence trojan

Malware Config

Extracted

Family

latentbot

C2

lorelyfaggot.zapto.org

Targets

- Target
  
  b532e05e779500bdc9e81ab68df32054_JaffaCakes118
- Size
  
  258KB
- MD5
  
  b532e05e779500bdc9e81ab68df32054
- SHA1
  
  9d8b85646be71642dea0f488d5aa0b82e9fd75f2
- SHA256
  
  79b02064715e60884ee53f29f23221564de7e3b8e984e65fca0082fdffdcf79b
- SHA512
  
  8bf8199dc7fbf9121a2e15174d9506e8630a1cbc75aa5ac56fd97e01be8d517408b939b0bb3b6263adc86a7a5a1b12753d3cedee62ebdbd59aa17e8f28eab91e
- SSDEEP
  
  3072:5G5rMlaTgOidzLWvI+Mgrq4NebArAntnU9cIw+cMYm0bPw0ctcYYYYYYYYYYYYYc:5GySidW9qaCArAtU9sMAPwJ
Score

10^/10

latentbot persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotpersistencetrojan

behavioral2

latentbotpersistencetrojan