General
- Target: PrintViewer.msi
- Size: 6.7MB
- Sample: 240925-2ehwrs1eqk
- MD5: 85f914ec316e8d20e8e13ef3719e04e4
- SHA1: 86ec276d409525bd8c1ef6d47ec8eece7639c0a2
- SHA256: 00ceea629efd7eb1d9eee5706ce8089336259c099fc4af274baf857bd1ddf230
- SHA512: 6a9eebfd6b4e794ab1fd949fa2093559460390a1d7843484e2086145e2ae968d8c347a3b3392aab2ebc41463cf97a3d36b23b6e8f80000949bb66c8eff3ba4e6
- SSDEEP: 98304:57vB+ZHiEZJMuI9JqwLOO+lzsnMHDqqxLSd7qqXR2EkLus6elw5Xe21NtcP33h3u:5IiiJiTqwLOTsMHDHBAI8kcXvWP1u
Static task: static1
Behavioral task: behavioral1
- Sample: PrintViewer.msi
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: PrintViewer.msi
- Resource: win10v2004-20240802-en
Malware Config
Extracted
latentbot
besthard2024.zapto.org
Targets
- Target: PrintViewer.msi
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Installer Packages (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Installer Packages (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (1)
- System Binary Proxy Execution (1)
  - Msiexec (1)