latentbot | 76ddc568dcbc0d18fdfcf7a9ff06c089d784c7777aff4ff38aa506ea85a84009 | Triage

Submit
Reports

Overview

overview

Static

static

3

14f5038d2a...18.exe

windows7-x64

14f5038d2a...18.exe

windows10-2004-x64

Sharing

General

Target

14f5038d2ab181061d727f3e6766d12f_JaffaCakes118
Size

256KB
Sample

241004-z7dfmsxajq
MD5

14f5038d2ab181061d727f3e6766d12f
SHA1

edc60bbe46a5a308a371274ab822996bd892ade6
SHA256

76ddc568dcbc0d18fdfcf7a9ff06c089d784c7777aff4ff38aa506ea85a84009
SHA512

80b009508558d29eee6446f0acf407953caac20f7c7d4d1a404df076417c5e5dc38920e0ea43dbb0d728c02cb8856bfbb58e9c0be6fd3a53fe14bc751cae2d08
SSDEEP

6144:cbGk+o3CpuQb6zL7pxdG/pUvnjbysrPNH0EEBNyrORzsiS:wd+oSpNbw7ZvXFPYKOR6

Score

10^/10

latentbot discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

14f5038d2ab181061d727f3e6766d12f_JaffaCakes118.exe

Resource

win7-20240903-en

latentbot discovery evasion persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

14f5038d2ab181061d727f3e6766d12f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

latentbot discovery evasion persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

pertenemene.zapto.org

1pertenemene.zapto.org

2pertenemene.zapto.org

3pertenemene.zapto.org

4pertenemene.zapto.org

5pertenemene.zapto.org

6pertenemene.zapto.org

7pertenemene.zapto.org

8pertenemene.zapto.org

Targets

- Target
  
  14f5038d2ab181061d727f3e6766d12f_JaffaCakes118
- Size
  
  256KB
- MD5
  
  14f5038d2ab181061d727f3e6766d12f
- SHA1
  
  edc60bbe46a5a308a371274ab822996bd892ade6
- SHA256
  
  76ddc568dcbc0d18fdfcf7a9ff06c089d784c7777aff4ff38aa506ea85a84009
- SHA512
  
  80b009508558d29eee6446f0acf407953caac20f7c7d4d1a404df076417c5e5dc38920e0ea43dbb0d728c02cb8856bfbb58e9c0be6fd3a53fe14bc751cae2d08
- SSDEEP
  
  6144:cbGk+o3CpuQb6zL7pxdG/pUvnjbysrPNH0EEBNyrORzsiS:wd+oSpNbw7ZvXFPYKOR6
Score

10^/10

latentbot discovery evasion persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojanupx

behavioral2

latentbotdiscoveryevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy