latentbot | 76b44ea89c643596a81f26a4a5b49d1273298e8468d1e98bbb1728167464037a | Triage

Sharing

General

Target

cff25e1124d4ea17e34cfd412898ed3e_JaffaCakes118
Size

372KB
Sample

240906-trvr4awbpl
MD5

cff25e1124d4ea17e34cfd412898ed3e
SHA1

305f1a56b73b9d0528eca735e774b6712ca1fcb3
SHA256

76b44ea89c643596a81f26a4a5b49d1273298e8468d1e98bbb1728167464037a
SHA512

d1e995f3c8673949cf58af917923d17246efb6d12fcff3b2215358bdb4efc3b56e4601893c22741a8628a94de24d6b74cc1eb12f53a242aba4540316766ab782
SSDEEP

6144:zKdnFVQ0a++SNIepN5J5VdhYBCWyynWYMCytCjt3vwqPruaQ3JP0UwWa8WOa:zcFV+NSVpNrYBeyWIyatoErGMUwWZWOa

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

adolfhitlerhaxor.zapto.org

Targets

- Target
  
  cff25e1124d4ea17e34cfd412898ed3e_JaffaCakes118
- Size
  
  372KB
- MD5
  
  cff25e1124d4ea17e34cfd412898ed3e
- SHA1
  
  305f1a56b73b9d0528eca735e774b6712ca1fcb3
- SHA256
  
  76b44ea89c643596a81f26a4a5b49d1273298e8468d1e98bbb1728167464037a
- SHA512
  
  d1e995f3c8673949cf58af917923d17246efb6d12fcff3b2215358bdb4efc3b56e4601893c22741a8628a94de24d6b74cc1eb12f53a242aba4540316766ab782
- SSDEEP
  
  6144:zKdnFVQ0a++SNIepN5J5VdhYBCWyynWYMCytCjt3vwqPruaQ3JP0UwWa8WOa:zcFV+NSVpNrYBeyWIyatoErGMUwWZWOa
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan