latentbot | eeb6cc149e5b3f30560cb7e9c0fc5f20b08f588dd905b2ad06a8c893971c3d19 | Triage

Submit
Reports

Overview

overview

Static

static

1

archivo2.vbs

windows10-ltsc 2021-x64

Sharing

General

Target

archivo2.vbs
Size

24KB
Sample

241203-rpe8hsynfx
MD5

a9c54e85a880f13da8f00ddc25bf5cf5
SHA1

c239e6d0a997ff111944dd36e79f6995e721697e
SHA256

eeb6cc149e5b3f30560cb7e9c0fc5f20b08f588dd905b2ad06a8c893971c3d19
SHA512

7abf6d505e4880a4b71a64fd601a9c13a40966836a59361c0bae82e6470a07ac25979310cde1607067e6465e461833815fd88f8439b5e0332f180dcab6aad1ea
SSDEEP

768:UOs/xYD5ezPaSPZtpHvC8o2qdsdelDLJiq:UOs/xTTx42qdAWp

Score

10^/10

latentbot collection discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

archivo2.vbs

Resource

win10ltsc2021-20241023-es

latentbot collection discovery trojan

windows10-ltsc 2021-x64

30 signatures

300 seconds

Malware Config

Extracted

Family

latentbot

C2

wretched33kinder.zapto.org

Targets

- Target
  
  archivo2.vbs
- Size
  
  24KB
- MD5
  
  a9c54e85a880f13da8f00ddc25bf5cf5
- SHA1
  
  c239e6d0a997ff111944dd36e79f6995e721697e
- SHA256
  
  eeb6cc149e5b3f30560cb7e9c0fc5f20b08f588dd905b2ad06a8c893971c3d19
- SHA512
  
  7abf6d505e4880a4b71a64fd601a9c13a40966836a59361c0bae82e6470a07ac25979310cde1607067e6465e461833815fd88f8439b5e0332f180dcab6aad1ea
- SSDEEP
  
  768:UOs/xYD5ezPaSPZtpHvC8o2qdsdelDLJiq:UOs/xTTx42qdAWp
Score

10^/10

latentbot collection discovery trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotcollectiondiscoverytrojan

© 2018-2024

Terms | Privacy