latentbot | d4c371d9f2dcbf10e5431613552c9402eb2173949438616b831ebe3d9c5d46f3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

FVGSetup.exe

windows10-2004-x64

Sharing

General

Target

FVGSetup.bin
Size

38.0MB
Sample

250308-xdcwxa1sht
MD5

f94f1582b9960e4bb251ab46e18d35ae
SHA1

42dda48371f0d7fb128ae0ee89dcbdc1df520509
SHA256

d4c371d9f2dcbf10e5431613552c9402eb2173949438616b831ebe3d9c5d46f3
SHA512

a56705417c803a8d9bfe01ff80697fd2ea5530aab0bcbc4712ad1e3961c539d21be4a23f57ded1543fa2aa7ae57953e79704c0ee21a170345edcb6fc42b8d23d
SSDEEP

786432:vquggO6BVbMYLy+//BaGXhqavcPz2qbSIpRQwoS8QEZX3FPZ+aMuwmJrzE4vv89Y:vlggO6BVn1UGxB0Pz2qbSIpRQwoS8QEZ

Score

10^/10

latentbot discovery persistence privilege_escalation spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FVGSetup.exe

Resource

win10v2004-20250217-en

latentbot discovery persistence privilege_escalation spyware stealer trojan

windows10-2004-x64

30 signatures

300 seconds

Malware Config

Extracted

Family

latentbot

C2

freevpnguard.zapto.org

Targets

- Target
  
  FVGSetup.bin
- Size
  
  38.0MB
- MD5
  
  f94f1582b9960e4bb251ab46e18d35ae
- SHA1
  
  42dda48371f0d7fb128ae0ee89dcbdc1df520509
- SHA256
  
  d4c371d9f2dcbf10e5431613552c9402eb2173949438616b831ebe3d9c5d46f3
- SHA512
  
  a56705417c803a8d9bfe01ff80697fd2ea5530aab0bcbc4712ad1e3961c539d21be4a23f57ded1543fa2aa7ae57953e79704c0ee21a170345edcb6fc42b8d23d
- SSDEEP
  
  786432:vquggO6BVbMYLy+//BaGXhqavcPz2qbSIpRQwoS8QEZX3FPZ+aMuwmJrzE4vv89Y:vlggO6BVn1UGxB0Pz2qbSIpRQwoS8QEZ
Score

10^/10

latentbot discovery persistence privilege_escalation spyware stealer trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads ssh keys stored on the system
  Tries to access SSH used by SSH programs.
  spyware stealer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoverypersistenceprivilege_escalationspywarestealertrojan

© 2018-2025

Terms | Privacy