latentbot | 3b064d303f048ec12ad6ec654de4a9f1320e04d9c97df12e580738486b82aab5 | Triage

Sharing

General

Target

4d0accd12d11cd8de4798bd2d2715fb5_JaffaCakes118
Size

32KB
Sample

241016-qkhmeavfjk
MD5

4d0accd12d11cd8de4798bd2d2715fb5
SHA1

57124be21843204b9f708959dc101fccf2b51f1e
SHA256

3b064d303f048ec12ad6ec654de4a9f1320e04d9c97df12e580738486b82aab5
SHA512

19132853918ca8e40a54789a4885b96acc35d10ae51c5072bfa0b8eca42ba50483a1102c9a93c5a14704e85b6a9a2a74b415da8a20f47cc5a6fa513b31017b07
SSDEEP

384:ELq6O30Ob0QwsIQt/7q5w01VRucQnc6GhPKOULTTRwK:Sq13npIaNe0c6gK5

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

C2

cornflakes44.zapto.org

Targets

- Target
  
  4d0accd12d11cd8de4798bd2d2715fb5_JaffaCakes118
- Size
  
  32KB
- MD5
  
  4d0accd12d11cd8de4798bd2d2715fb5
- SHA1
  
  57124be21843204b9f708959dc101fccf2b51f1e
- SHA256
  
  3b064d303f048ec12ad6ec654de4a9f1320e04d9c97df12e580738486b82aab5
- SHA512
  
  19132853918ca8e40a54789a4885b96acc35d10ae51c5072bfa0b8eca42ba50483a1102c9a93c5a14704e85b6a9a2a74b415da8a20f47cc5a6fa513b31017b07
- SSDEEP
  
  384:ELq6O30Ob0QwsIQt/7q5w01VRucQnc6GhPKOULTTRwK:Sq13npIaNe0c6gK5
Score

10^/10

discovery latentbot trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

latentbotdiscoverytrojan