latentbot | 398e77a90441593aefc0e67e466a1bad3d86ad375f92b41d1e01040b72261133 | Triage

Sharing

General

Target

398e77a90441593aefc0e67e466a1bad3d86ad375f92b41d1e01040b72261133N.exe
Size

93KB
Sample

250208-bmpfeaxmdy
MD5

2448569135093be80534825cfcb51e50
SHA1

92dfadb125a4ec17fc99b7c82e9af9ea01807870
SHA256

398e77a90441593aefc0e67e466a1bad3d86ad375f92b41d1e01040b72261133
SHA512

f4c136c069d3216a7e6c9bab92660256f81be152a1126fd0dd8895ee789a8dbd874705886304702794e5d19a1ad556788c5d78ec3beb534337e1ef020572bba9
SSDEEP

1536:EUNJD/HBZbszKu9AZp77r1jEwzGi1dDwDmgS:EUUzK4AZtHCi1dmL

Score

10^/10

latentbot njrat hackeds defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKeds

C2

hakim32.ddns.net:2000

njratcrackbiden.zapto.org:4564

Mutex

9f86a05fe71eceff3c911e9736a6e52e

Attributes

reg_key
9f86a05fe71eceff3c911e9736a6e52e
splitter
|'|'|

Extracted

Family

latentbot

C2

njratcrackbiden.zapto.org

Targets

- Target
  
  398e77a90441593aefc0e67e466a1bad3d86ad375f92b41d1e01040b72261133N.exe
- Size
  
  93KB
- MD5
  
  2448569135093be80534825cfcb51e50
- SHA1
  
  92dfadb125a4ec17fc99b7c82e9af9ea01807870
- SHA256
  
  398e77a90441593aefc0e67e466a1bad3d86ad375f92b41d1e01040b72261133
- SHA512
  
  f4c136c069d3216a7e6c9bab92660256f81be152a1126fd0dd8895ee789a8dbd874705886304702794e5d19a1ad556788c5d78ec3beb534337e1ef020572bba9
- SSDEEP
  
  1536:EUNJD/HBZbszKu9AZp77r1jEwzGi1dDwDmgS:EUUzK4AZtHCi1dmL
Score

10^/10

latentbot defense_evasion discovery persistence privilege_escalation trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Downloads MZ/PE file
- Modifies Windows Firewall
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

behavioral2

latentbotdefense_evasiondiscoverypersistenceprivilege_escalationtrojan