General

  • Target

    Teletubbies-Asst-Thumbnail.png

  • Size

    237KB

  • Sample

    250416-aje7wsxzey

  • MD5

    a2e5b9bf96a0bb0ad5afa765bdc88a3c

  • SHA1

    e60cf3bc88e35b7b471a20f1ca619ce7bf268bd1

  • SHA256

    b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a

  • SHA512

    79aaf6510936e77d0adb03fdee72a4197a645ed84b9e32daf708146e8a96bcffb95fde699ba2dfb646a88a55de9c77f4b1582c403e1982b5dbce2d1e1a6a90f5

  • SSDEEP

    3072:sA+McPEy54C5TmVveG8cO/RqYG1FCk6paC6Q8LByqWmhhpaGhWGBom9u03m7bNJD:VSEGB5TGR0paBvys/9u03mHNJg9WrCm
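The first thing to do with a sample that is supposed to be this one is to confirm it really is: the hashes above are the identity of the file, and a single wrong character in a copied IOC turns a match into a miss. The script below is an added example, not part of the report or of any sandbox tooling. It embeds the four hashes listed above, streams a file from disk so large samples are not loaded whole, and returns a verdict that distinguishes a full match from a partial one (some algorithms agree, others do not), which almost always means a transcription error in the IOC feed rather than a collision. SSDEEP is left out because it needs the third-party ssdeep package; everything here is standard library.

```python
import hashlib
import os
import sys

# Hashes exactly as listed in this report for Teletubbies-Asst-Thumbnail.png.
REPORT_HASHES = {
    "md5": "a2e5b9bf96a0bb0ad5afa765bdc88a3c",
    "sha1": "e60cf3bc88e35b7b471a20f1ca619ce7bf268bd1",
    "sha256": "b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a",
    "sha512": "79aaf6510936e77d0adb03fdee72a4197a645ed84b9e32daf708146e8a96bcff"
              "b95fde699ba2dfb646a88a55de9c77f4b1582c403e1982b5dbce2d1e1a6a90f5",
}
REPORT_SIZE_KB = 237  # the report rounds to whole KB, so size is only a sanity check


def _new_hashers():
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def digest_bytes(data: bytes) -> dict:
    """All four report digests of an in-memory blob, computed in one pass."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests streamed from disk, so large samples are never fully loaded."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags. Case-insensitive: hash feeds mix upper and lower case."""
    return {name: digests[name].lower() == report[name].lower()
            for name in report if name in digests}


def verdict(digests: dict, report: dict = REPORT_HASHES) -> str:
    """'match' when every algorithm agrees, 'no-match' when none does.
    'partial' (some agree, some do not) means a transcription error in the
    IOC feed or, for MD5/SHA1 alone, a deliberate collision: look closer."""
    flags = compare_to_report(digests, report)
    if flags and all(flags.values()):
        return "match"
    if any(flags.values()):
        return "partial"
    return "no-match"


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    sample = sys.argv[1]
    size_kb = os.path.getsize(sample) // 1024
    d = digest_file(sample)
    for name, ok in compare_to_report(d).items():
        print(f"{name:7} {d[name]}  {'OK' if ok else 'DIFF'}")
    print(f"size    {size_kb} KB (report: {REPORT_SIZE_KB} KB)  verdict: {verdict(d)}")
```

Compare every algorithm the feed gives you rather than just SHA256: a partial verdict is the fastest way to spot a mangled IOC before it goes into a blocklist.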

Malware Config

Extracted

Family

latentbot

C2

epicpbglobal.zapto.org
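The extracted C2 is a hostname under zapto.org, a free dynamic-DNS zone (No-IP), which is what the "legitimate hosting services abused" signature further down refers to. That shapes the detection: an exact match on the C2 name is high confidence, while any other name under the same dynamic-DNS zone is only a lead. The code below is an added example, not from the report; it assumes a simple whitespace-separated DNS log of the form "timestamp client qname qtype" (the sample lines are constructed, not traffic from the sample) and shows the two normalisation traps that make naive matching miss: mixed case and the trailing dot of a fully qualified name, plus the label-aligned zone test so that a name like notzapto.org does not false-positive.

```python
import re
from typing import List, Optional, Tuple

C2_HOST = "epicpbglobal.zapto.org"   # extracted C2 from this report's malware config
DYNDNS_ZONE = "zapto.org"            # free dynamic-DNS zone the C2 name is registered under


def normalise(name: str) -> str:
    """Lower-case and drop the trailing dot that some resolvers and log formats emit."""
    return name.strip().lower().rstrip(".")


def in_zone(name: str, zone: str) -> bool:
    """Label-aligned test: name is zone itself or a subdomain of it.
    A plain string suffix check would also accept 'notzapto.org'."""
    n, z = normalise(name), normalise(zone)
    return n == z or n.endswith("." + z)


def classify_query(qname: str) -> Optional[str]:
    n = normalise(qname)
    if n == C2_HOST:
        return "c2-exact"          # known LatentBot C2: high confidence
    if in_zone(n, DYNDNS_ZONE):
        return "dyndns-zone"       # same dynamic-DNS provider: worth a look, not proof
    return None


# Log format assumed for this example: "<timestamp> <client-ip> <qname> <qtype>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def scan_dns_log(lines) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, normalised qname, verdict) for every flagged query."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        label = classify_query(m["qname"])
        if label:
            hits.append((m["ts"], m["src"], normalise(m["qname"]), label))
    return hits


# Constructed log lines for demonstration; not traffic captured from the sample.
SAMPLE_LOG = """\
2025-04-16T10:01:02Z 10.0.0.15 www.example.com A
2025-04-16T10:01:05Z 10.0.0.15 EPICPBGLOBAL.ZAPTO.ORG. A
2025-04-16T10:02:11Z 10.0.0.22 other-host.zapto.org A
2025-04-16T10:02:30Z 10.0.0.22 epicpbglobal.zapto.org.evil.test A
2025-04-16T10:03:00Z 10.0.0.31 notzapto.org A
""".splitlines()

if __name__ == "__main__":
    for ts, src, qname, label in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {src:12} {qname:35} {label}")
```

Against the constructed log this flags the upper-cased, dot-terminated query from 10.0.0.15 as the C2 and the other zapto.org host as a zone hit, and ignores both the look-alike under evil.test and notzapto.org. Blocking the whole dynamic-DNS zone is a policy decision, not a detection one; the zone hit exists so an analyst can pivot, not so a firewall can drop it.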

Targets

    • Target

      Teletubbies-Asst-Thumbnail.png

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run outside the intended region).

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key to enumerate the software installed on the system.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
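Two details in this report belong together: the target is named as a .png, yet the signatures say it is a UPX-packed executable that drops and runs further EXEs and DLLs. Triage must therefore go by the file's bytes, not its extension. The code below is an added example, not the sandbox's detector; it parses the PE section table directly with the standard library and applies the checks an analyst would make by hand: stock UPX section names (UPX0/UPX1), the "UPX!" magic of the pack header, and the structural tell that survives renamed sections in modified builds, namely a first section with zero bytes on disk but a large virtual size (the space UPX reserves for the unpacked image). The build_fake_pe helper constructs minimal, non-runnable PE skeletons for testing; none of the bytes come from the sample. This is a heuristic: a modified UPX that also strips the magic will only trip the structural check.

```python
import struct
import sys
from typing import Dict, List

UPX_SECTION_PREFIX = "UPX"   # stock UPX names its sections UPX0, UPX1 (and UPX2)
UPX_MARKER = b"UPX!"         # magic at the start of the UPX pack header


def pe_section_headers(data: bytes) -> List[Dict]:
    """Parse the section table of a PE image; raise ValueError if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt_hdr          # section table follows the optional header
    headers = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].split(b"\0", 1)[0].decode("ascii", "replace")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        headers.append({"name": name, "virtual_size": vsize, "raw_size": rawsize})
    return headers


def upx_indicators(data: bytes) -> Dict:
    secs = pe_section_headers(data)
    return {
        "upx_sections": [s["name"] for s in secs if s["name"].upper().startswith(UPX_SECTION_PREFIX)],
        # UPX0 occupies no bytes on disk but a large virtual range reserved for the
        # unpacked image; renaming the section does not change that.
        "empty_first_section": bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0,
        "upx_marker": UPX_MARKER in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock section names, or the pack-header magic together with the
    characteristic empty first section for renamed ('modified UPX') variants."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or (ind["upx_marker"] and ind["empty_first_section"])


def build_fake_pe(sections) -> bytes:
    """Constructed, non-executable PE skeleton for testing: DOS header, PE signature,
    COFF header with an empty optional header, then one 40-byte header per section.
    sections: iterable of (name_bytes, virtual_size, raw_size)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        name.ljust(8, b"\0")[:8]
        + struct.pack("<IIIIIIHHI", vsize, 0x1000, rawsize, 0, 0, 0, 0, 0, 0xE0000040)
        for name, vsize, rawsize in sections
    )
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    # Usage: python upx_check.py <file>   (works regardless of the file's extension)
    blob = open(sys.argv[1], "rb").read()
    print(upx_indicators(blob), "->", "UPX-like" if looks_upx_packed(blob) else "not UPX-like")
```

Run it on anything the sandbox labels as a document or image before trusting the label; a file that starts with MZ and has a zero-sized UPX0 section is not a thumbnail, whatever its name says. For the real answer, unpack with upx -d (stock builds) or dump the process after the stub has finished, then hash the unpacked image separately from the packed one listed above.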

MITRE ATT&CK Enterprise v16