General

  • Target

    Finale.EXE

  • Size

    201KB

  • Sample

    250304-t8q58svwhy

  • MD5

    b8368d6c79cf6214fbd5690928b9d4f0

  • SHA1

    300c59d4c6cd03c6d6d4400ce453bf9610dd8fb6

  • SHA256

    ebb05b36566dff60f275b81c277383b13f8f5feffc65c3bab34b2b370c513ded

  • SHA512

    85e6ac4cea797370d28c53fe7d09a53ee593de1de681e6c5786cfc22ebbe76cf36b24a1cde4bc56e1d19702d8c5cf8cf79805ba95bb7b7d958cd78681bc78e39

  • SSDEEP

    6144:4VM3y+Jn9/NF2gP7l+ReTIlrTS3mcOxkjA:4VM3y+Jn9/NF2gTl+TrTS2cEk

Malware Config

Extracted

Family

latentbot

C2

lorenzo12321mn5.zapto.org
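An offline sweep for the indicators above, added here as an example and not part of the original report. The hashes and the C2 hostname are the values the report lists; the DNS log lines and the bytes hashed in the demo are constructed and are not the sample itself. SSDEEP is left out because Python's standard library has no fuzzy-hash implementation. The hostname check compares whole labels on purpose: a naive substring match would also fire on look-alike names such as xlorenzo12321mn5.zapto.org, and would miss nothing but generate noise.

```python
"""Offline IOC sweep using the indicators this report lists.

Added example, not part of the original report. IOC_HASHES and C2_HOST are
copied from the report; the DNS log lines and the bytes hashed in the demo
are constructed and are not the sample itself (ssdeep is omitted because it
needs a third-party library).
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "b8368d6c79cf6214fbd5690928b9d4f0",
    "sha1": "300c59d4c6cd03c6d6d4400ce453bf9610dd8fb6",
    "sha256": "ebb05b36566dff60f275b81c277383b13f8f5feffc65c3bab34b2b370c513ded",
}
C2_HOST = "lorenzo12321mn5.zapto.org"


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer, one per algorithm in IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams the file so large drops are not slurped."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in digests.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in digests.items()}


def matching_algorithms(digests: dict) -> list:
    """Algorithms whose digest equals the report's value (all or none for a real hit)."""
    return [name for name, value in digests.items()
            if IOC_HASHES.get(name) == value.lower()]


def is_c2_host(qname: str) -> bool:
    """True for the C2 host or any label below it; false for look-alikes.

    Comparing whole labels avoids the substring mistake where
    'xlorenzo12321mn5.zapto.org' or 'lorenzo12321mn5.zapto.org.evil.example'
    would also be flagged.
    """
    name = qname.rstrip(".").lower()
    return name == C2_HOST or name.endswith("." + C2_HOST)


# Constructed BIND-style query log; only the first and last lines should be flagged.
SAMPLE_DNS_LOG = """\
04-Mar-2025 15:21:03.101 client 10.0.0.5#53211: query: lorenzo12321mn5.zapto.org IN A + (10.0.0.2)
04-Mar-2025 15:21:04.220 client 10.0.0.5#53212: query: www.example.com IN A + (10.0.0.2)
04-Mar-2025 15:21:05.340 client 10.0.0.7#53213: query: xlorenzo12321mn5.zapto.org IN A + (10.0.0.2)
04-Mar-2025 15:21:06.455 client 10.0.0.5#53214: query: update.lorenzo12321mn5.zapto.org IN A + (10.0.0.2)
"""
QNAME_RE = re.compile(r"query: (\S+) IN ")


def find_c2_queries(log_text: str) -> list:
    """Return the log lines whose queried name is the C2 host or a subdomain of it."""
    hits = []
    for line in log_text.splitlines():
        m = QNAME_RE.search(line)
        if m and is_c2_host(m.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for line in find_c2_queries(SAMPLE_DNS_LOG):
        print("C2 lookup:", line)
```

Run it against a real file with hash_file(path) and feed matching_algorithms the result; a genuine match returns all three algorithm names, a partial list means a collision or a copy-paste error in the indicator list.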

Targets

    • Target

      Finale.EXE

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
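The behaviour signatures above can be reproduced from an API trace with a small correlation rule set. The following is an added example, not the report's own logic and not any sandbox's signature engine. The trace format (api|target|value, one call per line) and the SAMPLE_TRACE lines are constructed; the registry locations each rule watches (the Run key, EnableLUA under Policies\System, Control Panel\International) are the standard Windows ones, and it is an assumption, not something the report states, that these are what the sandbox's signatures check. "Dropped" is tracked by remembering which paths the sample wrote earlier in the trace, so an EXE or DLL it merely uses from System32 does not count.

```python
"""Derive the behaviour signatures this report lists from an API trace.

Added example, not the report's own or any sandbox's signature engine. The
trace format (api|target|value, one call per line) and the SAMPLE_TRACE
lines are constructed. The registry locations each rule looks at are the
standard Windows ones; that these are what the sandbox's own signatures
check is an assumption, the report does not say.
"""
import re
from collections import defaultdict

# Persistence: a value set under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# UAC state is the EnableLUA value under Policies\System.
UAC_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
# Locale/geo data; the value names are an assumption about what a geofence reads.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.I)
GEO_VALUES = {"nation", "scountry", "icountry"}


def parse_trace(text: str):
    """Yield (api, target, value) triples from 'api|target|value' lines."""
    for line in text.strip().splitlines():
        api, target, value = line.split("|", 2)
        yield api, target, value


def classify(events) -> dict:
    """Map trace events to signature names; returns {signature: [evidence, ...]}.

    A file counts as dropped only if the sample wrote it earlier in the trace,
    so loading kernel32.dll or starting cmd.exe does not fire the dropped rules.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by the sample
    for api, target, value in events:
        key = target.lower()
        if api == "NtWriteFile":
            dropped.add(key)
        elif api == "CreateProcessW" and key in dropped:
            hits["Executes dropped EXE"].append(target)
        elif api == "LoadLibraryW" and key in dropped:
            hits["Loads dropped DLL"].append(target)
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(target):
            hits["Adds Run key to start application"].append(target + "\\" + value)
        elif api == "RegQueryValueExW":
            if UAC_KEY_RE.search(target) and value.lower() == "enablelua":
                hits["Checks whether UAC is enabled"].append(target + "\\" + value)
            elif GEO_KEY_RE.search(target) and value.lower() in GEO_VALUES:
                hits["Checks computer location settings"].append(target + "\\" + value)
    return dict(hits)


# Constructed trace shaped like the behaviour the report lists. Paths and file
# names are invented; kernel32.dll is there to show a load that is not a drop.
SAMPLE_TRACE = r"""
RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA
NtWriteFile|C:\Users\user\AppData\Roaming\svchost.exe|
NtWriteFile|C:\Users\user\AppData\Roaming\plugin.dll|
RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|svchost
CreateProcessW|C:\Users\user\AppData\Roaming\svchost.exe|
LoadLibraryW|C:\Users\user\AppData\Roaming\plugin.dll|
LoadLibraryW|C:\Windows\System32\kernel32.dll|
"""


if __name__ == "__main__":
    for sig, evidence in classify(parse_trace(SAMPLE_TRACE)).items():
        print(f"{sig}: {evidence}")
```

The rules are ordered so that a write is recorded before any later execute or load is judged; a trace that starts a process the sample never wrote produces no "dropped" hits at all, which is the behaviour you want when the sample is a clean installer rather than a dropper.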

MITRE ATT&CK Enterprise v15

Tasks