latentbot | f69e5c5e7fc9a922ccd20d4943e5b1879e1edf7894f741a69599b353f979f92f | Triage

Sharing

General

Target

3f7b736908e8c6f0565724d1becc18cf_JaffaCakes118
Size

813KB
Sample

241013-m5n35sxgqj
MD5

3f7b736908e8c6f0565724d1becc18cf
SHA1

310dcc710d46303ea4b76fdf27920f1444455630
SHA256

f69e5c5e7fc9a922ccd20d4943e5b1879e1edf7894f741a69599b353f979f92f
SHA512

587c304117723445a205fba2bf02f85c56b5fa13bac88ed2377e4e50573979df0ce18006a8ba33344eb7033f74a6ffa2b19adc9f48fd3e8ffb56967f3f2ada27
SSDEEP

12288:cOcNFX1jLYjRbd5AjFXuO4Byq7EcdWd+Qb0+eE08dY8IkD+myR6INFBI7hf6Kujx:cOO/cda+O4kMV/+i1pc69o

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

servercomet.zapto.org

1servercomet.zapto.org

2servercomet.zapto.org

3servercomet.zapto.org

4servercomet.zapto.org

5servercomet.zapto.org

6servercomet.zapto.org

7servercomet.zapto.org

8servercomet.zapto.org

Targets

- Target
  
  3f7b736908e8c6f0565724d1becc18cf_JaffaCakes118
- Size
  
  813KB
- MD5
  
  3f7b736908e8c6f0565724d1becc18cf
- SHA1
  
  310dcc710d46303ea4b76fdf27920f1444455630
- SHA256
  
  f69e5c5e7fc9a922ccd20d4943e5b1879e1edf7894f741a69599b353f979f92f
- SHA512
  
  587c304117723445a205fba2bf02f85c56b5fa13bac88ed2377e4e50573979df0ce18006a8ba33344eb7033f74a6ffa2b19adc9f48fd3e8ffb56967f3f2ada27
- SSDEEP
  
  12288:cOcNFX1jLYjRbd5AjFXuO4Byq7EcdWd+Qb0+eE08dY8IkD+myR6INFBI7hf6Kujx:cOO/cda+O4kMV/+i1pc69o
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan