latentbot | 70edbf6d01029edd6329a1a01091a21fb57c19b4171ff8021405ade0ebdbcf2a | Triage

Sharing

General

Target

70edbf6d01029edd6329a1a01091a21fb57c19b4171ff8021405ade0ebdbcf2a.exe
Size

92KB
Sample

241226-exq9jaxjar
MD5

d2fe48b6139405269f194f1c9da8c94d
SHA1

bce75393d5f9a1dd4fd55c579d3e68f8aaea9838
SHA256

70edbf6d01029edd6329a1a01091a21fb57c19b4171ff8021405ade0ebdbcf2a
SHA512

9f63e8872d49ea09bde18eb1181ec5c849b098b80562de09cfff66b4d99adf5f6a4e187ed654261c0096503f693cfbd423828f1bdb74f7650c88748a1ac5a05c
SSDEEP

1536:607nGfBulrp69O6+kp36hjQ58WCmB3cFwzvkc/9:/nGfBulU9O6+kpVztlewzco

Score

10^/10

latentbot njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Extracted

Family

latentbot

C2

testttt8745.zapto.org

Targets

- Target
  
  70edbf6d01029edd6329a1a01091a21fb57c19b4171ff8021405ade0ebdbcf2a.exe
- Size
  
  92KB
- MD5
  
  d2fe48b6139405269f194f1c9da8c94d
- SHA1
  
  bce75393d5f9a1dd4fd55c579d3e68f8aaea9838
- SHA256
  
  70edbf6d01029edd6329a1a01091a21fb57c19b4171ff8021405ade0ebdbcf2a
- SHA512
  
  9f63e8872d49ea09bde18eb1181ec5c849b098b80562de09cfff66b4d99adf5f6a4e187ed654261c0096503f693cfbd423828f1bdb74f7650c88748a1ac5a05c
- SSDEEP
  
  1536:607nGfBulrp69O6+kp36hjQ58WCmB3cFwzvkc/9:/nGfBulU9O6+kpVztlewzco
Score

10^/10

latentbot njrat discovery evasion persistence privilege_escalation trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotnjratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan