latentbot | 516a16adb1641127e455c30ddb243c853057e5d0f5a2d7918a52e0e0ca570d33 | Triage

Submit
Reports

Overview

overview

Static

static

3

65c7200faa...18.exe

windows7-x64

65c7200faa...18.exe

windows10-2004-x64

Sharing

General

Target

65c7200faac8b0de62432214cc3a0629_JaffaCakes118
Size

712KB
Sample

241021-gxwkcssdkg
MD5

65c7200faac8b0de62432214cc3a0629
SHA1

0ad44042ddcf2b9ad73a99fe6fecc3fdb7bc6362
SHA256

516a16adb1641127e455c30ddb243c853057e5d0f5a2d7918a52e0e0ca570d33
SHA512

2b52aae864b764d4142f0a7ba5a944167568ad128445742e8ac92db45b0819246a8f51a93efba1741709e60f5a37f59d11489e0107dd2f2314b4b1c1204f5ae2
SSDEEP

12288:fOqBStmJ7uD4vqQOqCg/0+cdEuH8uitp4xieV31K93+:GCS8OTRdEuUpJGln

Score

10^/10

latentbot xtremerat discovery persistence rat spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

65c7200faac8b0de62432214cc3a0629_JaffaCakes118.exe

Resource

win7-20240729-en

latentbot xtremerat discovery persistence rat spyware trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

65c7200faac8b0de62432214cc3a0629_JaffaCakes118.exe

Resource

win10v2004-20241007-en

latentbot xtremerat discovery persistence rat spyware trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

imaistroextr.zapto.org

Extracted

Family

latentbot

C2

imaistroextr.zapto.org

Targets

- Target
  
  65c7200faac8b0de62432214cc3a0629_JaffaCakes118
- Size
  
  712KB
- MD5
  
  65c7200faac8b0de62432214cc3a0629
- SHA1
  
  0ad44042ddcf2b9ad73a99fe6fecc3fdb7bc6362
- SHA256
  
  516a16adb1641127e455c30ddb243c853057e5d0f5a2d7918a52e0e0ca570d33
- SHA512
  
  2b52aae864b764d4142f0a7ba5a944167568ad128445742e8ac92db45b0819246a8f51a93efba1741709e60f5a37f59d11489e0107dd2f2314b4b1c1204f5ae2
- SSDEEP
  
  12288:fOqBStmJ7uD4vqQOqCg/0+cdEuH8uitp4xieV31K93+:GCS8OTRdEuUpJGln
Score

10^/10

latentbot xtremerat discovery persistence rat spyware trojan upx
- Detect XtremeRAT payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotxtremeratdiscoverypersistenceratspywaretrojanupx

behavioral2

latentbotxtremeratdiscoverypersistenceratspywaretrojanupx

© 2018-2024

Terms | Privacy