latentbot | 03c4482ca7fcf996fa0851fadef694fd3eaa7a878dc64d7cc29fe051a9ac066d | Triage

Submit
Reports

Overview

overview

Static

static

3

c45ab6184d...18.exe

windows7-x64

c45ab6184d...18.exe

windows10-2004-x64

Sharing

General

Target

c45ab6184d8eb1407aeb9b4404340be3_JaffaCakes118
Size

371KB
Sample

240827-e6xsnsvdnn
MD5

c45ab6184d8eb1407aeb9b4404340be3
SHA1

205c017e57b403ba2250ca0db48e0f4eb598fa33
SHA256

03c4482ca7fcf996fa0851fadef694fd3eaa7a878dc64d7cc29fe051a9ac066d
SHA512

edf4dd7308de52314e78e84227ee33c1637fbecf23881982329cf1c6c7d360d83b08ac1a06b2f7498eaa50bc5720741f70497e4bfa0405df78d4721598a33b31
SSDEEP

6144:LZqoI1g3rJLCRgJyHxpxA6hz4VPy8SmR7eanY29rzXI:LZqoIsJLCWJyxzkAmBnXBI

Score

10^/10

latentbot xtremerat discovery persistence rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c45ab6184d8eb1407aeb9b4404340be3_JaffaCakes118.exe

Resource

win7-20240729-en

latentbot xtremerat discovery persistence rat spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c45ab6184d8eb1407aeb9b4404340be3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

latentbot xtremerat discovery persistence rat spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

geotradepopov.zapto.org

Targets

- Target
  
  c45ab6184d8eb1407aeb9b4404340be3_JaffaCakes118
- Size
  
  371KB
- MD5
  
  c45ab6184d8eb1407aeb9b4404340be3
- SHA1
  
  205c017e57b403ba2250ca0db48e0f4eb598fa33
- SHA256
  
  03c4482ca7fcf996fa0851fadef694fd3eaa7a878dc64d7cc29fe051a9ac066d
- SHA512
  
  edf4dd7308de52314e78e84227ee33c1637fbecf23881982329cf1c6c7d360d83b08ac1a06b2f7498eaa50bc5720741f70497e4bfa0405df78d4721598a33b31
- SSDEEP
  
  6144:LZqoI1g3rJLCRgJyHxpxA6hz4VPy8SmR7eanY29rzXI:LZqoIsJLCWJyxzkAmBnXBI
Score

10^/10

latentbot xtremerat discovery persistence rat spyware trojan
- Detect XtremeRAT payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotxtremeratdiscoverypersistenceratspywaretrojan

behavioral2

latentbotxtremeratdiscoverypersistenceratspywaretrojan

© 2018-2024

Terms | Privacy