latentbot | fbc1135baf2f0ac039b3ab47f872119c1cf21239a3a2c9f643574d729d3aabb3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-10-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bbcafc22741242c43789d4d95b43811_JaffaCakes118.pdf
Size

13KB
MD5

6bbcafc22741242c43789d4d95b43811
SHA1

aa445824803d4a22ca98772a3a2e07dee624b81e
SHA256

fbc1135baf2f0ac039b3ab47f872119c1cf21239a3a2c9f643574d729d3aabb3
SHA512

a5bf0c8c9011e035f795fceb44f2583000404eca7ea8bc9dc6fbc2bcee8d02c916240671049cd6ad749121dc5573989b721f22ffaad602f6890c73b17b407a2f
SSDEEP

192:rQhzajYqwAO9G+/vvTs7hXbfym4GJVbBftJy/suiXAO6vQNi/60un/T8qvROdjzJ:shzaNwAO9GiM5fdttt4Qi/60G78s4djN

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

ratbiiqbtal.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

AcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid	Process
2876	AcroRd32.exe
2876	AcroRd32.exe
2876	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6bbcafc22741242c43789d4d95b43811_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-0-0x0000000003180000-0x00000000031F6000-memory.dmp

Filesize
472KB

Download
memory/2876-3-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download