latentbot | a2deefa26145a0ef56e012cb1020c6ba73d939a5deccd3088155d68c2995cbd1 | Triage

Submit
Reports

Overview

overview

Static

static

1

archivo2.vbs

windows10-ltsc 2021-x64

Sharing

General

Target

archivo2.vbs
Size

24KB
Sample

241121-1slzxayjcy
MD5

794acb71b278d769b345ae1128ba0c74
SHA1

33ae0fddd4a8d0db765f988006aeb53d2fc4abeb
SHA256

a2deefa26145a0ef56e012cb1020c6ba73d939a5deccd3088155d68c2995cbd1
SHA512

81d1b09832762b9201205f13c68bd4958f5f5ede713a287d86da7144c4c333809bfd0e85d624a462c6130eb14307cccae49eb691a2f8a4642d5502f291763be2
SSDEEP

384:E7EipzIp0YHdqR11111OiPNtj5oByRDjmvb0PZ/sRQO84uJSM8gJ/vHV:EoidI+Y9qX1tj5oPbS/sebLSM8gJ/vHV

Score

10^/10

latentbot collection discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

archivo2.vbs

Resource

win10ltsc2021-20241023-es

latentbot collection discovery trojan

windows10-ltsc 2021-x64

31 signatures

300 seconds

Malware Config

Extracted

Family

latentbot

C2

the11industrious.zapto.org

Targets

- Target
  
  archivo2.vbs
- Size
  
  24KB
- MD5
  
  794acb71b278d769b345ae1128ba0c74
- SHA1
  
  33ae0fddd4a8d0db765f988006aeb53d2fc4abeb
- SHA256
  
  a2deefa26145a0ef56e012cb1020c6ba73d939a5deccd3088155d68c2995cbd1
- SHA512
  
  81d1b09832762b9201205f13c68bd4958f5f5ede713a287d86da7144c4c333809bfd0e85d624a462c6130eb14307cccae49eb691a2f8a4642d5502f291763be2
- SSDEEP
  
  384:E7EipzIp0YHdqR11111OiPNtj5oByRDjmvb0PZ/sRQO84uJSM8gJ/vHV:EoidI+Y9qX1tj5oPbS/sebLSM8gJ/vHV
Score

10^/10

latentbot collection discovery trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotcollectiondiscoverytrojan

© 2018-2024

Terms | Privacy