latentbot | 095f447786a87fc7db8cf63d76dba72b5cdbff8cd772d82cad534d85fb196112 | Triage

Sharing

General

Target

c9eae75200b39e5f36366ec0b0668cd6_JaffaCakes118
Size

1020KB
Sample

240830-avxlbazgnj
MD5

c9eae75200b39e5f36366ec0b0668cd6
SHA1

4f4db5f46c077d85b3f6c2131abaafb02b57c313
SHA256

095f447786a87fc7db8cf63d76dba72b5cdbff8cd772d82cad534d85fb196112
SHA512

d4db509bd3a7e740e29257269229f65238876fd3fab1c84802fe05fd0ccc9c14b019d6109658a6ef8f846c8e42b041cf67b53d3af71b7cb42842710d86a67131
SSDEEP

24576:sPeJ0NahjVno5AdSsVaNVfyt54SyrY7GAnW2wtWFcYGWrj:sPeSavDQQ5yE6ZtWuPM

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

1n4pl3style.zapto.org

2n4pl3style.zapto.org

3n4pl3style.zapto.org

4n4pl3style.zapto.org

5n4pl3style.zapto.org

6n4pl3style.zapto.org

7n4pl3style.zapto.org

8n4pl3style.zapto.org

Targets

- Target
  
  c9eae75200b39e5f36366ec0b0668cd6_JaffaCakes118
- Size
  
  1020KB
- MD5
  
  c9eae75200b39e5f36366ec0b0668cd6
- SHA1
  
  4f4db5f46c077d85b3f6c2131abaafb02b57c313
- SHA256
  
  095f447786a87fc7db8cf63d76dba72b5cdbff8cd772d82cad534d85fb196112
- SHA512
  
  d4db509bd3a7e740e29257269229f65238876fd3fab1c84802fe05fd0ccc9c14b019d6109658a6ef8f846c8e42b041cf67b53d3af71b7cb42842710d86a67131
- SSDEEP
  
  24576:sPeJ0NahjVno5AdSsVaNVfyt54SyrY7GAnW2wtWFcYGWrj:sPeSavDQQ5yE6ZtWuPM
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan