latentbot | fe2606e24c7e7b6289acc356907ebd884c15c93d05b6c7ea7127aa3c85200bad | Triage

Sharing

General

Target

f0914c5cfacbff5faa0a474ffb0a6c49_JaffaCakes118
Size

252KB
Sample

240921-zee4rssdjh
MD5

f0914c5cfacbff5faa0a474ffb0a6c49
SHA1

89bcf8620e3b3724c2d806793d7824a5c63194ee
SHA256

fe2606e24c7e7b6289acc356907ebd884c15c93d05b6c7ea7127aa3c85200bad
SHA512

d484e27d5d406074b20596ba503c3ce03c51dfedb719077301283c84c600f1a40a2f5f0257f26ed1b07cc3e440cb36ca43cf09ad3171be3e37091f8e7d2f37af
SSDEEP

6144:Rg/f/HI2MCdkK64+67N/yEhk+x5Ntl8UyqhBPGhhQV7aoyp5Db907vH:q3/HI2MCdkK64l7RjhkA5ICG2nyp1

Score

10^/10

latentbot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

latentbot

C2

saldibzz101.zapto.org

Targets

- Target
  
  f0914c5cfacbff5faa0a474ffb0a6c49_JaffaCakes118
- Size
  
  252KB
- MD5
  
  f0914c5cfacbff5faa0a474ffb0a6c49
- SHA1
  
  89bcf8620e3b3724c2d806793d7824a5c63194ee
- SHA256
  
  fe2606e24c7e7b6289acc356907ebd884c15c93d05b6c7ea7127aa3c85200bad
- SHA512
  
  d484e27d5d406074b20596ba503c3ce03c51dfedb719077301283c84c600f1a40a2f5f0257f26ed1b07cc3e440cb36ca43cf09ad3171be3e37091f8e7d2f37af
- SSDEEP
  
  6144:Rg/f/HI2MCdkK64+67N/yEhk+x5Ntl8UyqhBPGhhQV7aoyp5Db907vH:q3/HI2MCdkK64l7RjhkA5ICG2nyp1
Score

10^/10

latentbot discovery evasion persistence privilege_escalation trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan