General

  • Target

    backup-message-10.7.1.84_9045-4451296.eml

  • Size

    88KB

  • Sample

    241119-e2ndfazngs

  • MD5

    e9e6d6126b5d95be6482255162935a29

  • SHA1

    2c5522d7995cdcefb09292938d13182b672963c5

  • SHA256

    6a2a88d701f29f74e4b2624197527dc81fb72b2b9fd1baf41a4d092329cfd510

  • SHA512

    4a463c275d357fffa2e5cb5223f0ae163a4ac1f2c477236ef4ae1ffe5f8ea81ebf6dc82d68bc85c4c5175f97d5036184b3e04956f7a8c21a7d43c00e9860498e

  • SSDEEP

    768:Yf/h/vCzCFCAdyqJpNyuzbfWUhZRxQSeOh/vCzCFCAdyqQ:CpNyebfWU5xQJ1

Malware Config

Extracted

  • Family

    latentbot

  • C2

    zeri5c4f2a5c.zapto.org

Targets

    • Target

      backup-message-10.7.1.84_9045-4451296.eml

    • Size

      88KB

    • MD5

      e9e6d6126b5d95be6482255162935a29

    • SHA1

      2c5522d7995cdcefb09292938d13182b672963c5

    • SHA256

      6a2a88d701f29f74e4b2624197527dc81fb72b2b9fd1baf41a4d092329cfd510

    • SHA512

      4a463c275d357fffa2e5cb5223f0ae163a4ac1f2c477236ef4ae1ffe5f8ea81ebf6dc82d68bc85c4c5175f97d5036184b3e04956f7a8c21a7d43c00e9860498e

    • SSDEEP

      768:Yf/h/vCzCFCAdyqJpNyuzbfWUhZRxQSeOh/vCzCFCAdyqQ:CpNyebfWU5xQJ1

    Score
    3/10

    • Target

      email-html-2.txt

    • Size

      61KB

    • MD5

      24a816070abfb1dfaf279c7c789a8785

    • SHA1

      3514dc06cb3d07d2f26c5e97519abdd973692219

    • SHA256

      cbe91ed2b5518cd0c88b7c9edc9d3d90ac3292035c25c68ae2f27762cd7ea060

    • SHA512

      ed6602d1ff97b45615177d7829609c761999168da49f3489fd7a97224af8170821aadb780c07f03641f57e5bc4030155d1d6b3f71cac051bbe3788223800214d

    • SSDEEP

      384:Sa/6NyuMSRbr7h8dAsHU1xxFdlRxnoj/3t4+SeTBEyg++ogtWAX/Wh6SWhdvWbGj:SpNyuzbfWUhZRxQSeOh/vCzCFCAdyqz

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • A potential corporate email address has been identified in the URL: vlibras-portal@dev

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      email-plain-1.txt

    • Size

      26KB

    • MD5

      0aff48119643d955ae3855d904f699e7

    • SHA1

      0abc50621a737d20d93ae147ee17c3b9fdb9964d

    • SHA256

      15db807cde86372865950845dc11556e0991fadb306848633da538d3ea4b5477

    • SHA512

      508aad82539f50c9b1a98b01dbf54391a60aed2a8cae09a981ca7d8aabb642943e775221b4de225c77bf68dc86c6ea9fb3b84a5145cc55fcc61b0571dbde4429

    • SSDEEP

      384:hf5Bvyg++ogtWAX/Wh6SWhdvWbGq4L4/r4T4TLvz4784eA4i4+jdyqU9:hf/h/vCzCFCAdyqm

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks