latentbot | 470a47c16294d724cbfbeff06ac09ab1cbfa26b9c16adf1adb1651c7ac9c80dd | Triage

Sharing

General

Target

be928d68e0e412826aeccea4c385895f_JaffaCakes118
Size

590KB
Sample

240824-pgaxqazarc
MD5

be928d68e0e412826aeccea4c385895f
SHA1

a309dd565ebc796ade2df8962bf89fabcf561698
SHA256

470a47c16294d724cbfbeff06ac09ab1cbfa26b9c16adf1adb1651c7ac9c80dd
SHA512

5de825be8c7b9993459180dad125f9a2835738befd37270adf032bf87b6e2fcbfdf22f4be36b71329de091b581074cdc944a0fd20a45cb8a9cba0095cf557f13
SSDEEP

12288:Pw/8IIyz3GY+O8tacPeor0/7YyCaAmyTaUVce0:Pwp7+/tNP5JrmqU

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

gfaghrtehxvdfsqaj.zapto.org

1gfaghrtehxvdfsqaj.zapto.org

2gfaghrtehxvdfsqaj.zapto.org

3gfaghrtehxvdfsqaj.zapto.org

4gfaghrtehxvdfsqaj.zapto.org

5gfaghrtehxvdfsqaj.zapto.org

6gfaghrtehxvdfsqaj.zapto.org

7gfaghrtehxvdfsqaj.zapto.org

8gfaghrtehxvdfsqaj.zapto.org

Targets

- Target
  
  be928d68e0e412826aeccea4c385895f_JaffaCakes118
- Size
  
  590KB
- MD5
  
  be928d68e0e412826aeccea4c385895f
- SHA1
  
  a309dd565ebc796ade2df8962bf89fabcf561698
- SHA256
  
  470a47c16294d724cbfbeff06ac09ab1cbfa26b9c16adf1adb1651c7ac9c80dd
- SHA512
  
  5de825be8c7b9993459180dad125f9a2835738befd37270adf032bf87b6e2fcbfdf22f4be36b71329de091b581074cdc944a0fd20a45cb8a9cba0095cf557f13
- SSDEEP
  
  12288:Pw/8IIyz3GY+O8tacPeor0/7YyCaAmyTaUVce0:Pwp7+/tNP5JrmqU
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan