General
-
Target
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866
-
Size
1.1MB
-
Sample
250304-ee7hsszly4
-
MD5
b23b3554e5a07fd154cfc3fd792da27e
-
SHA1
79d9f908684ef74fc071c3cdcd28c4d50d14636b
-
SHA256
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866
-
SHA512
d8fc5be2b9306d309a9dbcd336219736663ef852209608780b669aba173aa8800f3fc1bde419df101c24ec32ab89fd0378bec2baa9a730ca09e3339ffa60ffc0
-
SSDEEP
24576:iCcR7sQT2p3V3hIk9P9HNrPgfa+nC2gJ:iCY7XOV3hIk99JYfrC
Static task
static1
Behavioral task
behavioral1
Sample
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
latentbot
cryptoghost.zapto.org
Targets
-
-
Target
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866
-
Size
1.1MB
-
MD5
b23b3554e5a07fd154cfc3fd792da27e
-
SHA1
79d9f908684ef74fc071c3cdcd28c4d50d14636b
-
SHA256
96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866
-
SHA512
d8fc5be2b9306d309a9dbcd336219736663ef852209608780b669aba173aa8800f3fc1bde419df101c24ec32ab89fd0378bec2baa9a730ca09e3339ffa60ffc0
-
SSDEEP
24576:iCcR7sQT2p3V3hIk9P9HNrPgfa+nC2gJ:iCY7XOV3hIk99JYfrC
-
Latentbot family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1