latentbot | 6b10733733dc5ece7a19af5a04064be7e8e79ed26099f5a62ffb9542e88c1ff5 | Triage

Sharing

General

Target

JaffaCakes118_689c2d3c50d6b1077bcc6bbf5b7b41d0
Size

764KB
Sample

250102-2fgp4ayjdt
MD5

689c2d3c50d6b1077bcc6bbf5b7b41d0
SHA1

eb65e48e4e0bb0f3320e3caa3dfe4bf41128f328
SHA256

6b10733733dc5ece7a19af5a04064be7e8e79ed26099f5a62ffb9542e88c1ff5
SHA512

384a552834935a2ae0087804dafeb02e2d91c8fdfe70f34fa00975585ec8a380e9278c943a01b9da12ed2d54cf33701646aa82a80109c136f5a20ef777de5414
SSDEEP

12288:A6U2k7rdxYpsuudHHjpagRRy829hdmvT0a8FGMU3ymAOoJ7QwAO3P1o4tUp3Uro1:jU2MPYq1HHggRRy8wiAa7Mfmw5LbtUpv

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

gfaghrtehxvdfsqaj.zapto.org

1gfaghrtehxvdfsqaj.zapto.org

2gfaghrtehxvdfsqaj.zapto.org

3gfaghrtehxvdfsqaj.zapto.org

4gfaghrtehxvdfsqaj.zapto.org

5gfaghrtehxvdfsqaj.zapto.org

6gfaghrtehxvdfsqaj.zapto.org

7gfaghrtehxvdfsqaj.zapto.org

8gfaghrtehxvdfsqaj.zapto.org

Targets

- Target
  
  JaffaCakes118_689c2d3c50d6b1077bcc6bbf5b7b41d0
- Size
  
  764KB
- MD5
  
  689c2d3c50d6b1077bcc6bbf5b7b41d0
- SHA1
  
  eb65e48e4e0bb0f3320e3caa3dfe4bf41128f328
- SHA256
  
  6b10733733dc5ece7a19af5a04064be7e8e79ed26099f5a62ffb9542e88c1ff5
- SHA512
  
  384a552834935a2ae0087804dafeb02e2d91c8fdfe70f34fa00975585ec8a380e9278c943a01b9da12ed2d54cf33701646aa82a80109c136f5a20ef777de5414
- SSDEEP
  
  12288:A6U2k7rdxYpsuudHHjpagRRy829hdmvT0a8FGMU3ymAOoJ7QwAO3P1o4tUp3Uro1:jU2MPYq1HHggRRy8wiAa7Mfmw5LbtUpv
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan