latentbot | 220813897cb699771f7c2c353034a7b8415047747577ed44041714742f62886d | Triage

Sharing

General

Target

220813897cb699771f7c2c353034a7b8415047747577ed44041714742f62886dN.exe
Size

92KB
Sample

241226-v9m1mstjbp
MD5

d6f9fc682f7af8fa12a2619290a82eb0
SHA1

a90edbbd437777bd4908a172e0990b5711e1cf23
SHA256

220813897cb699771f7c2c353034a7b8415047747577ed44041714742f62886d
SHA512

8c5b281f1361907764a313724180154f6e7c71e0d4123d07dc9f32c59919a52e435c208e334b5755cdf940ce93789858f2162932bc41f2a48977f214ec50f13a
SSDEEP

1536:607nGfBulrp69O6+kp36hjQ58WCmB3cFwzvkc/:/nGfBulU9O6+kpVztlewzc

Score

10^/10

latentbot njrat discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Extracted

Family

latentbot

C2

testttt8745.zapto.org

Targets

- Target
  
  220813897cb699771f7c2c353034a7b8415047747577ed44041714742f62886dN.exe
- Size
  
  92KB
- MD5
  
  d6f9fc682f7af8fa12a2619290a82eb0
- SHA1
  
  a90edbbd437777bd4908a172e0990b5711e1cf23
- SHA256
  
  220813897cb699771f7c2c353034a7b8415047747577ed44041714742f62886d
- SHA512
  
  8c5b281f1361907764a313724180154f6e7c71e0d4123d07dc9f32c59919a52e435c208e334b5755cdf940ce93789858f2162932bc41f2a48977f214ec50f13a
- SSDEEP
  
  1536:607nGfBulrp69O6+kp36hjQ58WCmB3cFwzvkc/:/nGfBulU9O6+kpVztlewzc
Score

10^/10

latentbot njrat discovery evasion persistence privilege_escalation trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotnjratdiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

latentbotdiscoveryevasionpersistenceprivilege_escalationtrojan