latentbot | ca3e0f104f1e9ce6acbdb7cddb86f2194edf95fee9d8870b028e5d42b47c53b5 | Triage

Sharing

General

Target

ad6d253dd790b3a7effaf0cae6792043_JaffaCakes118
Size

420KB
Sample

241128-yq4qtsylew
MD5

ad6d253dd790b3a7effaf0cae6792043
SHA1

98e9b716d9e6415ff4b345a0012b3d552f7617fa
SHA256

ca3e0f104f1e9ce6acbdb7cddb86f2194edf95fee9d8870b028e5d42b47c53b5
SHA512

5e2025160073c900d6d6053f5884dab9f06b6866acb8900d60a04474dc206810ce56dc802f7e4d3b65484e2c8cc4c59438db86e79a30b534f92c4bbb142e1334
SSDEEP

6144:y0FGuIH5LBHng5HakjpCvOVIuhJG+EzkB7RF6v6tZ:yuIZNga+498JG+EzkB7RF6v6D

Score

10^/10

latentbot discovery evasion trojan

Malware Config

Extracted

Family

latentbot

C2

nyandcompany.zapto.org

Targets

- Target
  
  ad6d253dd790b3a7effaf0cae6792043_JaffaCakes118
- Size
  
  420KB
- MD5
  
  ad6d253dd790b3a7effaf0cae6792043
- SHA1
  
  98e9b716d9e6415ff4b345a0012b3d552f7617fa
- SHA256
  
  ca3e0f104f1e9ce6acbdb7cddb86f2194edf95fee9d8870b028e5d42b47c53b5
- SHA512
  
  5e2025160073c900d6d6053f5884dab9f06b6866acb8900d60a04474dc206810ce56dc802f7e4d3b65484e2c8cc4c59438db86e79a30b534f92c4bbb142e1334
- SSDEEP
  
  6144:y0FGuIH5LBHng5HakjpCvOVIuhJG+EzkB7RF6v6tZ:yuIZNga+498JG+EzkB7RF6v6D
Score

10^/10

latentbot discovery evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasiontrojan

behavioral2

latentbotdiscoveryevasiontrojan