latentbot | 1355780e4fa5680c503fc33814110d4ceeaf38e374fa60d02903eaadfc2fafd8 | Triage

Submit
Reports

Overview

overview

Static

static

1

archivo3.vbs

windows10-ltsc 2021-x64

Sharing

General

Target

archivo3.vbs
Size

24KB
Sample

241203-rpgfksvjaq
MD5

71fece3e0461df9f8fc019c926b66d1e
SHA1

e6a07dd51d0d781bcfc921d43f9fc39051fde4d6
SHA256

1355780e4fa5680c503fc33814110d4ceeaf38e374fa60d02903eaadfc2fafd8
SHA512

7694e1cb3f4b72192cb721a01fac378e8eaa8d1f03dd293f5ffa27ca52967e10ede4734036050a3c84831145eb6c643129eea94796aa3f83bca9d2b2db112c85
SSDEEP

768:vXLWq6+cwbmAQtplUkBP4zKq5cDBMqAkROs:iq6NwKAmn9N4zKq5cJ

Score

10^/10

latentbot collection discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

archivo3.vbs

Resource

win10ltsc2021-20241023-es

latentbot collection discovery trojan

windows10-ltsc 2021-x64

30 signatures

300 seconds

Malware Config

Extracted

Family

latentbot

C2

wretched33kinder.zapto.org

Targets

- Target
  
  archivo3.vbs
- Size
  
  24KB
- MD5
  
  71fece3e0461df9f8fc019c926b66d1e
- SHA1
  
  e6a07dd51d0d781bcfc921d43f9fc39051fde4d6
- SHA256
  
  1355780e4fa5680c503fc33814110d4ceeaf38e374fa60d02903eaadfc2fafd8
- SHA512
  
  7694e1cb3f4b72192cb721a01fac378e8eaa8d1f03dd293f5ffa27ca52967e10ede4734036050a3c84831145eb6c643129eea94796aa3f83bca9d2b2db112c85
- SSDEEP
  
  768:vXLWq6+cwbmAQtplUkBP4zKq5cDBMqAkROs:iq6NwKAmn9N4zKq5cJ
Score

10^/10

latentbot collection discovery trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotcollectiondiscoverytrojan

© 2018-2024

Terms | Privacy