General
-
Target
archivo6.vbs
-
Size
23KB
-
Sample
241122-rrhfnaslgw
-
MD5
3c4e0b80f5e2e2ceda30b97cffe2295e
-
SHA1
02baac29b150f952b6645a919bd9124980b6ed2c
-
SHA256
c85973cc4259ccc3df8bc1474c952512ea103e7fc7132483e137ca021bc7f7b9
-
SHA512
5a0052c587caf2cc93df70e8ab06c02b97d5b30e2bf46daca94433a57610551cea4da2e64a9d1ad6c2afffdc719bb447bfd7eb61421458dc08d534a0cb823ed7
-
SSDEEP
384:7pYFE5rFKx8PqjUjyyFtDp311111eHNtlM/eauJzqjl3OnH7+vYSlSZSISCS2tHP:sE5rFKx8PqjUjZh+t39+FYcV32tHlxtZ
Static task
static1
Behavioral task
behavioral1
Sample
archivo6.vbs
Resource
win10ltsc2021-20241023-es
Malware Config
Extracted
latentbot
stupendous22sec.zapto.org
Targets
-
Target
archivo6.vbs
-
Score
10/10
-
Latentbot family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-