latentbot | f49a32e5f4d68ae117bb4598d4e84bd0a411febeffb302c535f49ba20f1e5fe0

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0c73aba15bbc8ca0101cbcc8eab06554.exe
Size

96KB
MD5

0c73aba15bbc8ca0101cbcc8eab06554
SHA1

67568c877ea1151651f20a81ab258a951c67a190
SHA256

f49a32e5f4d68ae117bb4598d4e84bd0a411febeffb302c535f49ba20f1e5fe0
SHA512

190e0893e3ec41c2e2213f59eaca3ddab4cb45ab730c66cef77c607229c47fd30f47b18d05d33068a9e05ef0dbc6da396115e99773eb786335967af1d22af8e6
SSDEEP

1536:v2tPdHRpRzN/RnFQA6fbO+rmArhroCRIxPvO0D6nIYNNW:v2tPdHnRzN/RGx6xXONM

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

dasubertang3.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_0c73aba15bbc8ca0101cbcc8eab06554.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c73aba15bbc8ca0101cbcc8eab06554.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c73aba15bbc8ca0101cbcc8eab06554.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2100-0-0x0000000074831000-0x0000000074832000-memory.dmp

Filesize
4KB

Download
memory/2100-1-0x0000000074830000-0x0000000074DDB000-memory.dmp

Filesize
5.7MB

Download
memory/2100-2-0x0000000074830000-0x0000000074DDB000-memory.dmp

Filesize
5.7MB

Download
memory/2100-3-0x0000000074830000-0x0000000074DDB000-memory.dmp

Filesize
5.7MB

Download
memory/2100-4-0x0000000074830000-0x0000000074DDB000-memory.dmp

Filesize
5.7MB

Download