latentbot | 316f49af70c95350bb0df489ea7ed29e56f5cb57dcc7419d379208e7eae043b3 | Triage

Sharing

General

Target

JaffaCakes118_9bd2f65fd306a7c63123a81a39a572c7
Size

162KB
Sample

250406-tfm8waswds
MD5

9bd2f65fd306a7c63123a81a39a572c7
SHA1

8dd51d4f8a7c556d25a18bf2c3fa726b320783e8
SHA256

316f49af70c95350bb0df489ea7ed29e56f5cb57dcc7419d379208e7eae043b3
SHA512

8cd81f211bd857329e798c21dacce29ab9582a315bb395e61f18823dd52b523d3f17c3b263f813588c432e23424ec306bb268527dc7a09a8423f721b377ed9f8
SSDEEP

3072:Pf06mWDb4C5cWPhIbPNjtzZ/VsUu4W/0blXohs+JX+q:0cbZrpIbPNjtz/VW/0blXC

Score

10^/10

latentbot discovery persistence trojan

Malware Config

Extracted

Family

latentbot

C2

cybergateperez.zapto.org

Targets

- Target
  
  JaffaCakes118_9bd2f65fd306a7c63123a81a39a572c7
- Size
  
  162KB
- MD5
  
  9bd2f65fd306a7c63123a81a39a572c7
- SHA1
  
  8dd51d4f8a7c556d25a18bf2c3fa726b320783e8
- SHA256
  
  316f49af70c95350bb0df489ea7ed29e56f5cb57dcc7419d379208e7eae043b3
- SHA512
  
  8cd81f211bd857329e798c21dacce29ab9582a315bb395e61f18823dd52b523d3f17c3b263f813588c432e23424ec306bb268527dc7a09a8423f721b377ed9f8
- SSDEEP
  
  3072:Pf06mWDb4C5cWPhIbPNjtzZ/VsUu4W/0blXohs+JX+q:0cbZrpIbPNjtz/VW/0blXC
Score

10^/10

latentbot discovery persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotdiscoverypersistencetrojan