latentbot | cb3156d5b2ef104580e96cb03430fed58cbfdeed6e70874e825dd7221d26379d | Triage

Sharing

General

Target

file.exe
Size

745KB
Sample

250415-tfxsbatvat
MD5

1a9fcbfd38322f7ebeb68a1ba8619b26
SHA1

f681eeced7bf6351257e9af38fd1fd858f7fbb12
SHA256

cb3156d5b2ef104580e96cb03430fed58cbfdeed6e70874e825dd7221d26379d
SHA512

fe981c04256bc21243b81f051632b1dbb00ded111cf73f6515adac3aeb59f63ec7e8026da31e832d8ec50167edab0844799911ab1a027592ac8fa44836100606
SSDEEP

12288:ho8gdP8GLDbfgtsJdjlbr4JtPp7nou4/ZUUAfDCDuxNETymj26:zOzb4sJXmtx7oFbU

Score

10^/10

latentbot xworm rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
MasonUSB.exe

Extracted

Family

latentbot

C2

cryptoghost.zapto.org

Targets

- Target
  
  file.exe
- Size
  
  745KB
- MD5
  
  1a9fcbfd38322f7ebeb68a1ba8619b26
- SHA1
  
  f681eeced7bf6351257e9af38fd1fd858f7fbb12
- SHA256
  
  cb3156d5b2ef104580e96cb03430fed58cbfdeed6e70874e825dd7221d26379d
- SHA512
  
  fe981c04256bc21243b81f051632b1dbb00ded111cf73f6515adac3aeb59f63ec7e8026da31e832d8ec50167edab0844799911ab1a027592ac8fa44836100606
- SSDEEP
  
  12288:ho8gdP8GLDbfgtsJdjlbr4JtPp7nou4/ZUUAfDCDuxNETymj26:zOzb4sJXmtx7oFbU
Score

10^/10

latentbot xworm rat trojan
- Detect Xworm Payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotxwormrattrojan

behavioral2

latentbotxwormrattrojan