latentbot | 8349b212d46a72ef1d1847f8742623566dac0b9f91e3a97bc4f0aa85c049adfa | Triage

Sharing

General

Target

dc0d74034afb5ea36e8b31bf1d304e3a_JaffaCakes118
Size

451KB
Sample

240912-h3ttdsxfrb
MD5

dc0d74034afb5ea36e8b31bf1d304e3a
SHA1

b60074702b9642e3a6e7b8f8e466e454a0082d05
SHA256

8349b212d46a72ef1d1847f8742623566dac0b9f91e3a97bc4f0aa85c049adfa
SHA512

9b97a699e8e38ed75b44d325f470b140970a54305489bcb37911ab9f120f4380c8eb720d07f9702aeb5eeae0b8e12986122a017b561434cd4a1d7fa3b8d9b99a
SSDEEP

6144:SiLXPeYdedgTu5Id+TCnbsAQCNJmcYhrVcMMT33j+h6I5Ra:1mY4ykIxN2RMr3cR

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

runescapebot1341.zapto.org

Targets

- Target
  
  dc0d74034afb5ea36e8b31bf1d304e3a_JaffaCakes118
- Size
  
  451KB
- MD5
  
  dc0d74034afb5ea36e8b31bf1d304e3a
- SHA1
  
  b60074702b9642e3a6e7b8f8e466e454a0082d05
- SHA256
  
  8349b212d46a72ef1d1847f8742623566dac0b9f91e3a97bc4f0aa85c049adfa
- SHA512
  
  9b97a699e8e38ed75b44d325f470b140970a54305489bcb37911ab9f120f4380c8eb720d07f9702aeb5eeae0b8e12986122a017b561434cd4a1d7fa3b8d9b99a
- SSDEEP
  
  6144:SiLXPeYdedgTu5Id+TCnbsAQCNJmcYhrVcMMT33j+h6I5Ra:1mY4ykIxN2RMr3cR
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan