General

  • Target

    96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866

  • Size

    1.1MB

  • Sample

    250304-ee7hsszly4

  • MD5

    b23b3554e5a07fd154cfc3fd792da27e

  • SHA1

    79d9f908684ef74fc071c3cdcd28c4d50d14636b

  • SHA256

    96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866

  • SHA512

    d8fc5be2b9306d309a9dbcd336219736663ef852209608780b669aba173aa8800f3fc1bde419df101c24ec32ab89fd0378bec2baa9a730ca09e3339ffa60ffc0

  • SSDEEP

    24576:iCcR7sQT2p3V3hIk9P9HNrPgfa+nC2gJ:iCY7XOV3hIk99JYfrC

Malware Config

Extracted

  • Family

    latentbot

  • C2

    cryptoghost.zapto.org

Targets

    • Target

      96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866

    • Size

      1.1MB

    • MD5

      b23b3554e5a07fd154cfc3fd792da27e

    • SHA1

      79d9f908684ef74fc071c3cdcd28c4d50d14636b

    • SHA256

      96f1841212cf8a0ce287677617f41c35f4e9fbd31e5a356da5d987681293d866

    • SHA512

      d8fc5be2b9306d309a9dbcd336219736663ef852209608780b669aba173aa8800f3fc1bde419df101c24ec32ab89fd0378bec2baa9a730ca09e3339ffa60ffc0

    • SSDEEP

      24576:iCcR7sQT2p3V3hIk9P9HNrPgfa+nC2gJ:iCY7XOV3hIk99JYfrC

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks