Extracted

• • Target

    PersonalizedOffer.exe

  • Size

    3.9MB

  • MD5

    09e3aa460dbf9cddbb402354cb854ced

  • SHA1

    e27bf77f6cf806e1c841fc487872d9f5f75a75f7

  • SHA256

    99822b12d5cd66b9d5fb3436c2c2f0f9d754dbf6483896800b647af57081af2b

  • SHA512

    5521bdd944d58a9cf524959598fac97f810090d2f934afdb00809a75c46c163e053b0d092f955805d0be150ecbb137c1814f92c5f1887bf45ad9ee17f67dfa6c

  • SSDEEP

    98304:7tlEb9+zykLmOCYNW/WrHwOnvE8sJXcMv5ezs2rEPqYxLI:7tSb9+zykLmxd/cHwOkp7jI

  Score

  10^/10

  latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Use of msiexec (install) with remote resource

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2