latentbot | 6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9 | Triage

Submit
Reports

Overview

overview

Static

static

3

f2c9685f78...18.exe

windows7-x64

f2c9685f78...18.exe

windows10-2004-x64

Sharing

General

Target

f2c9685f78d6905e0c9644e8668e3664_JaffaCakes118
Size

896KB
Sample

240923-v8x48avejq
MD5

f2c9685f78d6905e0c9644e8668e3664
SHA1

82c6b3dc28ba5c858b6caa3898094c5952540795
SHA256

6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9
SHA512

922107924eb0f84f9f07829bfe593e307fb71dc35265b2db25a75e6c7fc88c855e827c84ff20125e04c945c895d10733e6e657e5d60c49597fb1839546e2205e
SSDEEP

6144:9KZAoVdw7mzHD9ckgcJdAMBGW60H1obeF9tigMCt:9dw5HRckP0I7lVobAigN

Score

10^/10

latentbot discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f2c9685f78d6905e0c9644e8668e3664_JaffaCakes118.exe

Resource

win7-20240708-en

latentbot discovery evasion persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f2c9685f78d6905e0c9644e8668e3664_JaffaCakes118.exe

Resource

win10v2004-20240802-en

latentbot discovery evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

bandidos373.zapto.org

Targets

- Target
  
  f2c9685f78d6905e0c9644e8668e3664_JaffaCakes118
- Size
  
  896KB
- MD5
  
  f2c9685f78d6905e0c9644e8668e3664
- SHA1
  
  82c6b3dc28ba5c858b6caa3898094c5952540795
- SHA256
  
  6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9
- SHA512
  
  922107924eb0f84f9f07829bfe593e307fb71dc35265b2db25a75e6c7fc88c855e827c84ff20125e04c945c895d10733e6e657e5d60c49597fb1839546e2205e
- SSDEEP
  
  6144:9KZAoVdw7mzHD9ckgcJdAMBGW60H1obeF9tigMCt:9dw5HRckP0I7lVobAigN
Score

10^/10

latentbot discovery evasion persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojanupx

behavioral2

latentbotdiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy