latentbot

Sharing

Copy URL

Twitter E-mail

General

Target

pt3010.zip
Size

37.9MB
Sample

241031-gjlg8szlfz
MD5

f99f0bc3c99d83ce2875e2503162e24f
SHA1

4bf67856a4fc3cd8b3ad0ced3bfc918f2f1207fa
SHA256

96f6a0d2a2c0103b735cb140e05602097b2e03951fffbc891ec09b9fe48a77e9
SHA512

e1a9497f37597118cff85922318732e41f56210d41c7a4398a9523ed594ba6f729f671beb5ae31fcb75fe5127777355e51a858044e916fc436c19e027ec3a891
SSDEEP

786432:90OSX58mUXRt/I9bMAcm96ldQ6uPWtahaXNIyexF0D7saXOK2FT1tJz1:DmstWIAcmYldYiahXwM51tJz1

Score

10^/10

Malware Config

Targets

- Target
  
  7zxa.dll
- Size
  
  74.9MB
- MD5
  
  86d806cecf0bf1c868ebe41b6357b034
- SHA1
  
  010820271280c074f386e051513fbb1b73bb5996
- SHA256
  
  3149395671d39388a65a4bff1b9671cee226f503c8432da8e32e17374cb36aaf
- SHA512
  
  6d39c6b4328f21dffdc5784d9a20d0fe321ea173288e0a1f67a3d4d0e805bb7bde61329b290bb6501a14d1639d085aeb348c5c663a8701c6ce8860b85031c3c4
- SSDEEP
  
  393216:aQTN2oFVasRj2ylzbU6oe7haEB9JtGdrLTzfvJIa5yJBz7h8zxPtYLx5mYfAHUi:WoZZYETXaIaIp8zxtYd5mYfc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  BLOCKBUSTER.dll
- Size
  
  415KB
- MD5
  
  dac35720be4d4105234c4c99208c43d9
- SHA1
  
  ca13aec5182035ac053004d51ddf4ec9a018b494
- SHA256
  
  dadf7277164ac0d065fead44b1ed3e3fd9bccca39315ab35def952036a0b0b80
- SHA512
  
  e4fff267040503457de828fafaf73c7a1c095ff87e85bd6cc9d1991193a8a1e51faef1ddf9ea5400849a6aaba9793dd9ffa68e032a293acd134f3274d05aa525
- SSDEEP
  
  12288:UtoqntFyEUT4agzv5asqKIBqbGoLJV3Tvl8M8CIh5:UtoctFrUTVg9asqKgOxJV3T6DCU5
Score

1^/10
behavioral3 behavioral4
- Target
  
  BLOCKBUSTER.exe
- Size
  
  9.1MB
- MD5
  
  74d3f521a38b23cd25ed61e4f8d99f16
- SHA1
  
  c4cd0e519aeca41e94665f2c5ea60a322deb3680
- SHA256
  
  1d822b3faabb8f65fc30076d32a95757a2c369ccb64ae54572e9f562280ae845
- SHA512
  
  ec1c8b0eb895fd8947cad6126abc5bca3a712e42475228b9dcb3496098e720abb83d4cba4621edbd8d3ad7f306a5f57ced9c2c98fe2c2d0c8ebbbf99d7faf0f1
- SSDEEP
  
  196608:bmFQso3Id5AypjCIN325pMKhQaLh6sOo5LZvqy1f:OQseId5AyZIpMKVLhJtJqS
Score

10^/10

latentbot discovery evasion persistence privilege_escalation spyware stealer trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  hcx.dll
- Size
  
  398KB
- MD5
  
  287c055b14d6ab41b021486e4fef3708
- SHA1
  
  d705e8d163d60b39e0265e30a56966c58323bef3
- SHA256
  
  3976547348f3cd6887ad0bc6a1f1f54010b58ca5cc1a77a937e882def475ab9e
- SHA512
  
  fbc627c5d06ff4440d67f7fe97ad187bf6b6472ce9f0584e7ad3d1a391e7006db97d81ac6800a80bd8304172959f01a3bc72c55773d421f2332148731a71f0b1
- SSDEEP
  
  6144:tQHhNFuDiobkJcsXKrh86ZAASiFt5jiykLQIW471VOuGHT1H7EqQ+hOO1l:OhNFuvgJV5hDiFd8QIn1QbHY+wOT
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  unrar.dll
- Size
  
  174KB
- MD5
  
  4289541be75e95bcfff04857f7144d87
- SHA1
  
  5ec8085e30d75ec18b8b1e193b3d5aa1648b0d2e
- SHA256
  
  2631fcdf920610557736549e27939b9c760743a2cddec0b2c2254cfa40003fb0
- SHA512
  
  3137a7790de74a6413aca6c80fd57288bcc30a7df3a416f3c6e8666041cd47a9609136c91405eee23224c4ae67c9aebbba4dd9c4e5786b09b83318755b4a55fd
- SSDEEP
  
  3072:4Jb18kAn0/QVt5ch1fIBNXaQpZj1JtmosqpdFBVhz3s5xqW3W5/9rSgvWFI:g58kA0/QVPch1QXK6HmosyBhY62Y9Lee
Score

3^/10

discovery
behavioral10 behavioral9