latentbot | d2b7d28afb9413b80512e0114f493459e1c4a1f9ebcb60516783a334246f14f5 | Triage

Submit
Reports

Overview

overview

Static

static

3

Lumaailabs...��.exe

windows7-x64

1

Lumaailabs...��.exe

windows10-2004-x64

Sharing

General

Target

Lumaailabs_Website-AI.zip
Size

69.8MB
Sample

241009-avtjnaxhng
MD5

76c5f6f782a7fb4d09781d66729a4676
SHA1

d341b2768aab9e29f46fc6430273f4a80a6e37f3
SHA256

d2b7d28afb9413b80512e0114f493459e1c4a1f9ebcb60516783a334246f14f5
SHA512

246a535034fccc79d8fc406b1ff81938b6abf4fd66d494a7ba03a7ff325091b3557ab673ad13fbfd3c42df303ec69156dea92ac392d5aa08928811027babbd91
SSDEEP

1572864:FvP5dLMQxfNSnkbMUe87s+g9LnrV1/NUr8SIW41Mc3ZFYStTfxawn:R5SoNSkde87srDrV1VUr8SX41T5rn

Score

10^/10

latentbot xworm defense_evasion discovery pyinstaller rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Lumaailabs_WebsiteBuilder-AI.mp4⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Lumaailabs_WebsiteBuilder-AI.mp4⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe

Resource

win10v2004-20241007-en

latentbot xworm defense_evasion discovery pyinstaller rat trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

vampstrench.zapto.org

Targets

- Target
  
  Lumaailabs_WebsiteBuilder-AI.mp4⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe
- Size
  
  70.1MB
- MD5
  
  5300362727ae2ab1fd0277fb89eace8c
- SHA1
  
  29f59278b3ca5e07d1d928188bba4461615ef9e5
- SHA256
  
  4d388d2ab6b6fe9931a9cdfca6d5e78042db0a2795d20b7b26956bfb551c6659
- SHA512
  
  0c10d251805c15ad463c86fc7890b9e33aadfe84db69f475f917b43a2275b7c09be4e96e37457108e8e00925ff61905d7ee2489f2dc2716736a6dd06b910c6bb
- SSDEEP
  
  1572864:SPsDrTSCHDAOZ91GTml6uscxqquJJ1jBLvb8vSSeqUdBGHph2qndt9mC:SPESCc01GqfscxqhfjBLz8vSSxUd8dV
Score

10^/10

latentbot xworm defense_evasion discovery pyinstaller rat trojan
- Detect Xworm Payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Network Service Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

latentbotxwormdefense_evasiondiscoverypyinstallerrattrojan

© 2018-2024

Terms | Privacy