General
- Target: 2024-12-05_57fdfc179433a2f43be61b514e8aa774_mafia_magniber
- Size: 1.7MB
- Sample: 241205-b3t1ts1rcv
- MD5: 57fdfc179433a2f43be61b514e8aa774
- SHA1: a1382842cc6e0baa81fd4a6d457c48d9e48e2f70
- SHA256: 3da21199386d63f21b5e20c31f0be0bb1691df3d420a2cd41dfc73cdc8e3a2ea
- SHA512: 2b4d0ecb73a52a4d3f359a5c913a46c595349e2938bf0d821076069f2bc283f93aa93f351d9a312a175f96f8b57bf027e3bbc53764531bf50a67fb9db2320ab1
- SSDEEP: 24576:R4ZHs+AMGu+ZHHdQ++4ZHs+AMGu+ZHHdQ++4ZHs+AMGu+ZHHdQ++:R+HqMGBdQ+++HqMGBdQ+++HqMGBdQ++
Static task: static1

Behavioral task: behavioral1
- Sample: 2024-12-05_57fdfc179433a2f43be61b514e8aa774_mafia_magniber.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 2024-12-05_57fdfc179433a2f43be61b514e8aa774_mafia_magniber.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
latentbot
0lalalalaal.zapto.org
Targets
- Target: 2024-12-05_57fdfc179433a2f43be61b514e8aa774_mafia_magniber
Score: 10/10

Signatures
- Latentbot family
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)