latentbot | 06b87b3c4f401611e1c69914aad3b96a9c71c71863d20460d2d887d09a8e1921 | Triage

Sharing

General

Target

f6e9a0c8baf7adb4542fc03c1eb25b04_JaffaCakes118
Size

1.0MB
Sample

240925-1kaxnsyhlk
MD5

f6e9a0c8baf7adb4542fc03c1eb25b04
SHA1

d29d9f858315929b4b55ca08f8c274df175f7bc0
SHA256

06b87b3c4f401611e1c69914aad3b96a9c71c71863d20460d2d887d09a8e1921
SHA512

adaa3fb90c675788da72daf8003573ad46a4f157068355159463760fd5f54a19c5a4978ba4282d7374ea3be8161fc4235852681348326a4b4f3de2166bb225e9
SSDEEP

24576:daTI658f1k2A/BDG45rQcPQmW8Z1xOtSlBwyh:dP6Kf4Pkcmg

Score

10^/10

latentbot discovery persistence trojan

Malware Config

Extracted

Family

latentbot

C2

totuccio305.zapto.org

Targets

- Target
  
  f6e9a0c8baf7adb4542fc03c1eb25b04_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  f6e9a0c8baf7adb4542fc03c1eb25b04
- SHA1
  
  d29d9f858315929b4b55ca08f8c274df175f7bc0
- SHA256
  
  06b87b3c4f401611e1c69914aad3b96a9c71c71863d20460d2d887d09a8e1921
- SHA512
  
  adaa3fb90c675788da72daf8003573ad46a4f157068355159463760fd5f54a19c5a4978ba4282d7374ea3be8161fc4235852681348326a4b4f3de2166bb225e9
- SSDEEP
  
  24576:daTI658f1k2A/BDG45rQcPQmW8Z1xOtSlBwyh:dP6Kf4Pkcmg
Score

10^/10

latentbot discovery persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoverypersistencetrojan

behavioral2

latentbotdiscoverypersistencetrojan