Extracted

• • Target

    0dbeaab616c483b81d9e9ed8dda14a3a8f3b024130f8fab840e7b9f3a7b1787e.msi

  • Size

    6.7MB

  • MD5

    e21b2080c98beb0f04307a5a25630e23

  • SHA1

    8fc24ad51e8d61324fe8de1be667862e9238cbbb

  • SHA256

    0dbeaab616c483b81d9e9ed8dda14a3a8f3b024130f8fab840e7b9f3a7b1787e

  • SHA512

    3706fde6569bccb39e2c58e86c60050c73bcdbe5c7eb05849ced33c75b5a1c3b080746c2e27420c6fffcd3497e1b1b6ab87e1b2d371a80fa3ae27851a64cfbea

  • SSDEEP

    196608:QK4NkomkEmjut8DMcj4IWKPDNwmtoOCvHLNkAIdc:QKfkEmjuSMcxWKLNwunA5

  Score

  10^/10

  latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies Windows Firewall

    evasion
  behavioral1behavioral2