Overview

overview

10

Static

static

3

5b9ed73fd7...6N.exe

windows7-x64

8

5b9ed73fd7...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N

  • Size

    2.5MB

  • Sample

    241010-qsbh3axgjf

  • MD5

    414753e6caa05ca4a49546cec841ef10

  • SHA1

    998c0b4533f3e00eeacf441fbe29575198a574d4

  • SHA256

    5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6

  • SHA512

    c6f1476229c6587d7209455cbba42f1eb44b72b14842a60b446ab8252330c3f47d332f95645136493dfe07f8f00e4064bf6f789149e9dec0807024f5effdf4a7

  • SSDEEP

    24576:wV9cJXtGndLzF0szq2l9RU0t+kRsKWj+dWdo+Ec0xMki8UsU3AoAMXqozj+inKM:k9cJXcndLzF0OU8VdWdqMXqozj+inKM

Score
10/10
latentbotdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N

    • Size

      2.5MB

    • MD5

      414753e6caa05ca4a49546cec841ef10

    • SHA1

      998c0b4533f3e00eeacf441fbe29575198a574d4

    • SHA256

      5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6

    • SHA512

      c6f1476229c6587d7209455cbba42f1eb44b72b14842a60b446ab8252330c3f47d332f95645136493dfe07f8f00e4064bf6f789149e9dec0807024f5effdf4a7

    • SSDEEP

      24576:wV9cJXtGndLzF0szq2l9RU0t+kRsKWj+dWdo+Ec0xMki8UsU3AoAMXqozj+inKM:k9cJXcndLzF0OU8VdWdqMXqozj+inKM

    Score
    10/10
    latentbotdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks