latentbot | 573b6b682ba79aa17aea93a00e8c9f4b3b8d90f177f219682e879bf15c32c55d | Triage

Sharing

General

Target

file.exe
Size

1.5MB
Sample

250415-tfxsbatvav
MD5

331c0633d4eaecd87c39180f7f350769
SHA1

7339299f301e2bf82989029391366da000f53bc6
SHA256

573b6b682ba79aa17aea93a00e8c9f4b3b8d90f177f219682e879bf15c32c55d
SHA512

7edb099b0566bdb365545bf3f5f28e937141eb3eacf33877ee1f2d1aee65fe429a741aba03bbd92d37a1e93ff5f8fe18ea4d53b957abb06e40c598495fcfaec7
SSDEEP

24576:fBGIMKfL6k4fP133M+Rvf9rJ9UpENLKmgUmVGn0LQ:fBGIrfL6kIP133TR39rPUGNLKmegn0L

Score

10^/10

latentbot xworm rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
MasonUSB.exe

Extracted

Family

latentbot

C2

cryptoghost.zapto.org

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  331c0633d4eaecd87c39180f7f350769
- SHA1
  
  7339299f301e2bf82989029391366da000f53bc6
- SHA256
  
  573b6b682ba79aa17aea93a00e8c9f4b3b8d90f177f219682e879bf15c32c55d
- SHA512
  
  7edb099b0566bdb365545bf3f5f28e937141eb3eacf33877ee1f2d1aee65fe429a741aba03bbd92d37a1e93ff5f8fe18ea4d53b957abb06e40c598495fcfaec7
- SSDEEP
  
  24576:fBGIMKfL6k4fP133M+Rvf9rJ9UpENLKmgUmVGn0LQ:fBGIrfL6kIP133TR39rPUGNLKmegn0L
Score

10^/10

latentbot xworm rat trojan
- Detect Xworm Payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

latentbotxwormrattrojan

behavioral2

latentbotxwormrattrojan