latentbot | 6e5988c481f6aeb587b13c8ac878c14a14bae316461f02698025e2abc420ee82 | Triage

Submit
Reports

Overview

overview

Static

static

3

1fedb1fbce...18.exe

windows7-x64

1fedb1fbce...18.exe

windows10-2004-x64

Sharing

General

Target

1fedb1fbce0fc41feabd5c54164547b5_JaffaCakes118
Size

2.2MB
Sample

240702-tf86cazfqf
MD5

1fedb1fbce0fc41feabd5c54164547b5
SHA1

d75001fa1f4ff2a391aef04a5158b803d54798cd
SHA256

6e5988c481f6aeb587b13c8ac878c14a14bae316461f02698025e2abc420ee82
SHA512

c5c08e202bd212340e581448dbf6d351ce3fd835313bb05e4b6fb344ba4bb47b9a76d8bba2a4a70c4a3fdcc64fd9fa7fc3926d606482d57abdf0c7323f321521
SSDEEP

24576:HnHngD0Mmf9IvYzAne5uxTjpB0GsdYksLtXf+PIDmJusil3P+uuxT8FtrkzqaiP2:nse5+vv1afusa32dg7dAxxHy4ehFK

Score

10^/10

latentbot persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1fedb1fbce0fc41feabd5c54164547b5_JaffaCakes118.exe

Resource

win7-20240220-en

latentbot persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1fedb1fbce0fc41feabd5c54164547b5_JaffaCakes118.exe

Resource

win10v2004-20240611-en

latentbot persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

yeniceriler.zapto.org

Targets

- Target
  
  1fedb1fbce0fc41feabd5c54164547b5_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  1fedb1fbce0fc41feabd5c54164547b5
- SHA1
  
  d75001fa1f4ff2a391aef04a5158b803d54798cd
- SHA256
  
  6e5988c481f6aeb587b13c8ac878c14a14bae316461f02698025e2abc420ee82
- SHA512
  
  c5c08e202bd212340e581448dbf6d351ce3fd835313bb05e4b6fb344ba4bb47b9a76d8bba2a4a70c4a3fdcc64fd9fa7fc3926d606482d57abdf0c7323f321521
- SSDEEP
  
  24576:HnHngD0Mmf9IvYzAne5uxTjpB0GsdYksLtXf+PIDmJusil3P+uuxT8FtrkzqaiP2:nse5+vv1afusa32dg7dAxxHy4ehFK
Score

10^/10

latentbot persistence trojan
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

latentbotpersistencetrojan

behavioral2

latentbotpersistencetrojan

© 2018-2024

Terms | Privacy