latentbot | 196e3592abbedd9dc796eef2c7f46fa10721a4e268d2bb53b638000f77901a66 | Triage

Sharing

General

Target

JaffaCakes118_2cfe52317633c9b1d10501ca0ce96fb1
Size

492KB
Sample

250113-w98g1ssrcv
MD5

2cfe52317633c9b1d10501ca0ce96fb1
SHA1

29b0d8331448ddb38dfcce5a47b51d43f761421d
SHA256

196e3592abbedd9dc796eef2c7f46fa10721a4e268d2bb53b638000f77901a66
SHA512

dac7967f14f61e15b91651ff5abc4d104e8d71eb6948b7ebcf10db7ca27bb9030892db0f4221abc98f8b412ca46dc1df65d4c0c2c420bbc6b9c18545dd9a98f6
SSDEEP

12288:Urrk8br22nzvMgdxA6EYVe1WyNus2OGmDo:etbPdxALYVeUDObD

Score

10^/10

latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

chris012543.zapto.org

1chris012543.zapto.org

2chris012543.zapto.org

3chris012543.zapto.org

4chris012543.zapto.org

5chris012543.zapto.org

6chris012543.zapto.org

7chris012543.zapto.org

8chris012543.zapto.org

Targets

- Target
  
  JaffaCakes118_2cfe52317633c9b1d10501ca0ce96fb1
- Size
  
  492KB
- MD5
  
  2cfe52317633c9b1d10501ca0ce96fb1
- SHA1
  
  29b0d8331448ddb38dfcce5a47b51d43f761421d
- SHA256
  
  196e3592abbedd9dc796eef2c7f46fa10721a4e268d2bb53b638000f77901a66
- SHA512
  
  dac7967f14f61e15b91651ff5abc4d104e8d71eb6948b7ebcf10db7ca27bb9030892db0f4221abc98f8b412ca46dc1df65d4c0c2c420bbc6b9c18545dd9a98f6
- SSDEEP
  
  12288:Urrk8br22nzvMgdxA6EYVe1WyNus2OGmDo:etbPdxALYVeUDObD
Score

10^/10

latentbot discovery evasion persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoveryevasionpersistencetrojan

behavioral2

latentbotdiscoveryevasionpersistencetrojan