latentbot | 3f0e4f7e60b42179c150a88c7f860df7f69bb97d4304477ab126219f635c11e3 | Triage

Sharing

General

Target

ad20e1224543b112798a78072d565fbe_JaffaCakes118
Size

94KB
Sample

241128-wf31favmgt
MD5

ad20e1224543b112798a78072d565fbe
SHA1

7f3c040a09458cb2b98fc5a2b5efd2667a235964
SHA256

3f0e4f7e60b42179c150a88c7f860df7f69bb97d4304477ab126219f635c11e3
SHA512

67068d5b5050c416eaeef479b02bde810763d2e11f487aafd3c506a69d6d9712e2bafe9fd47bb66d5f467aef7acc2241fca1ba3597bc0709fbc09221af5a7e8a
SSDEEP

1536:sskKNqRSQ911QzZWqdFjR/MlLsesF8tFOHhy352LU6QNyyvJChhf2n5uROIMxZcF:ss9NUSKbeZWcF2gqgk3scyMohV2n5cOs

Score

10^/10

latentbot discovery persistence trojan upx

Malware Config

Extracted

Family

latentbot

C2

mouhamed007.zapto.org

Targets

- Target
  
  ad20e1224543b112798a78072d565fbe_JaffaCakes118
- Size
  
  94KB
- MD5
  
  ad20e1224543b112798a78072d565fbe
- SHA1
  
  7f3c040a09458cb2b98fc5a2b5efd2667a235964
- SHA256
  
  3f0e4f7e60b42179c150a88c7f860df7f69bb97d4304477ab126219f635c11e3
- SHA512
  
  67068d5b5050c416eaeef479b02bde810763d2e11f487aafd3c506a69d6d9712e2bafe9fd47bb66d5f467aef7acc2241fca1ba3597bc0709fbc09221af5a7e8a
- SSDEEP
  
  1536:sskKNqRSQ911QzZWqdFjR/MlLsesF8tFOHhy352LU6QNyyvJChhf2n5uROIMxZcF:ss9NUSKbeZWcF2gqgk3scyMohV2n5cOs
Score

10^/10

latentbot discovery persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoverypersistencetrojanupx

behavioral2

latentbotdiscoverypersistencetrojanupx