latentbot | bd0f61831c3cfdbb57c318d95d50022042f88620b46d882f9b691829983d9978 | Triage

Sharing

General

Target

dff08967e1062a4690ede25ff17bdb24_JaffaCakes118
Size

1.0MB
Sample

240914-lse42axfnn
MD5

dff08967e1062a4690ede25ff17bdb24
SHA1

d85488947703db3fc369b7e90f751efddc1323f1
SHA256

bd0f61831c3cfdbb57c318d95d50022042f88620b46d882f9b691829983d9978
SHA512

1b2be2262971339a276c4021f498a68d7ae92e9aaa5483871fc99de137d381003315161a2574d21dbee354bdf037dba2366d56a92dabb41486c49be927b15a2a
SSDEEP

12288:/6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75Li:/nQkTf4d+INGxetl0GrBb/A6752

Score

10^/10

latentbot discovery evasion trojan

Malware Config

Extracted

Family

latentbot

C2

patrickstar23.zapto.org

1patrickstar23.zapto.org

2patrickstar23.zapto.org

3patrickstar23.zapto.org

4patrickstar23.zapto.org

5patrickstar23.zapto.org

6patrickstar23.zapto.org

7patrickstar23.zapto.org

8patrickstar23.zapto.org

Targets

- Target
  
  EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe
- Size
  
  1024KB
- MD5
  
  5218d29024fe782f2b3a89c8f2126280
- SHA1
  
  00c48ebcf9eebce4e6553685b51e81bf5ae157e1
- SHA256
  
  bd7d710c5e3bcef37896ef22a6ff38128064a2ad870799da3c88466fc71b9d70
- SHA512
  
  6a14eba5410dbb9a2104652a66136003e5c83e4639180588b507a5a18c047ac77fe8c59d48808ad4e51b1482c0ebe47bf18a29699dbc92585af0b8001f10caf8
- SSDEEP
  
  12288:a6eVQkTrvj4d+dONGRpz5ljXeLY8Kk5tqGN0GvTBb/A4h75L:anQkTf4d+INGxetl0GrBb/A675
Score

10^/10

latentbot discovery evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasiontrojan

behavioral2

latentbotdiscoveryevasiontrojan