latentbot | 48db9d908b5db4c809f5175c99d0a8e9957a559d976568e8b0f8db853eb3d766 | Triage

Sharing

General

Target

48db9d908b5db4c809f5175c99d0a8e9957a559d976568e8b0f8db853eb3d766N
Size

758KB
Sample

240930-ehgfsa1epb
MD5

226b5c545640bb6033225c40bc758850
SHA1

fda9652f4e51bf9c593962aaf47cffbaea216f86
SHA256

48db9d908b5db4c809f5175c99d0a8e9957a559d976568e8b0f8db853eb3d766
SHA512

ea51a59beb4a1e5f9ee4f18f9070b07076284ee7181a0f24a579347fc89cd424d3de5ab65ca904eefc2321e00313514fb58a52240c9aeb0350d659a956035266
SSDEEP

12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4qsEfFEZjAHuKDAS7vM5nP1ZSz:xuDXTIGaPhEYzUzA0/0qsEfFmvqLMxHY

Score

10^/10

latentbot discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

latentbot

C2

zxceblan228sexpenis.zapto.org

Targets

- Target
  
  48db9d908b5db4c809f5175c99d0a8e9957a559d976568e8b0f8db853eb3d766N
- Size
  
  758KB
- MD5
  
  226b5c545640bb6033225c40bc758850
- SHA1
  
  fda9652f4e51bf9c593962aaf47cffbaea216f86
- SHA256
  
  48db9d908b5db4c809f5175c99d0a8e9957a559d976568e8b0f8db853eb3d766
- SHA512
  
  ea51a59beb4a1e5f9ee4f18f9070b07076284ee7181a0f24a579347fc89cd424d3de5ab65ca904eefc2321e00313514fb58a52240c9aeb0350d659a956035266
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4qsEfFEZjAHuKDAS7vM5nP1ZSz:xuDXTIGaPhEYzUzA0/0qsEfFmvqLMxHY
Score

10^/10

latentbot discovery evasion persistence privilege_escalation trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan