latentbot | 8f4d46ef3df58b4b056302f5128dea4406c5ec321ca0aef51b61240cada41126 | Triage

Submit
Reports

Overview

overview

Static

static

3

1df3e22f5f...18.exe

windows7-x64

1df3e22f5f...18.exe

windows10-2004-x64

Sharing

General

Target

1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118
Size

1.4MB
Sample

240702-eqyp2ayfkm
MD5

1df3e22f5fc25ab21e3fb89684818d46
SHA1

d72729754bd91f0f1d0b039583c28f7d03839523
SHA256

8f4d46ef3df58b4b056302f5128dea4406c5ec321ca0aef51b61240cada41126
SHA512

61fbdecae71346359aaac42f50323be0180459c8b573376b2e1fe1af7a82dc023f970d18f14db1ba950a5a4c898ef66a1bf27380534d08bdf334d83a071ba8ca
SSDEEP

24576:Xj+kb1dw1UFbU8u6gM+7gG1xM5hCN4vph0RMj+kb1dw1UFbU8u6gM+7gG1xM5hC9:zHb1c6X+d/4308Hb1c6X+d/430B

Score

10^/10

latentbot evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118.exe

Resource

win7-20240508-en

latentbot evasion trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118.exe

Resource

win10v2004-20240226-en

latentbot evasion trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

nyandcompany.zapto.org

Targets

- Target
  
  1df3e22f5fc25ab21e3fb89684818d46_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  1df3e22f5fc25ab21e3fb89684818d46
- SHA1
  
  d72729754bd91f0f1d0b039583c28f7d03839523
- SHA256
  
  8f4d46ef3df58b4b056302f5128dea4406c5ec321ca0aef51b61240cada41126
- SHA512
  
  61fbdecae71346359aaac42f50323be0180459c8b573376b2e1fe1af7a82dc023f970d18f14db1ba950a5a4c898ef66a1bf27380534d08bdf334d83a071ba8ca
- SSDEEP
  
  24576:Xj+kb1dw1UFbU8u6gM+7gG1xM5hCN4vph0RMj+kb1dw1UFbU8u6gM+7gG1xM5hC9:zHb1c6X+d/4308Hb1c6X+d/430B
Score

10^/10

latentbot evasion trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

latentbotevasiontrojan

behavioral2

latentbotevasiontrojan

© 2018-2024

Terms | Privacy