Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    01/01/2025, 23:46

General

  • Target

    bot.arm7.elf

  • Size

    175KB

  • MD5

    b879e8281f57d1bb2ed6924e36abdfd2

  • SHA1

    26b0b1f5a98b657f822177ec029a64ff0a758fc6

  • SHA256

    b15391a5bc89b016807a7eb36ba74c8f7c68299afc3a0538e89b120597217e75

  • SHA512

    53bad62e6f72f20e96514274c50f65898dc983fafe07668df5b017eee71540c98003f62f7c46b1a17c4708f4d6881db720b4be89a8b7e1b8e46f7f991b79d63d

  • SSDEEP

    3072:HK/lcDBbBLHcBCkAabwdyqkkUbH/6EBp9O/hJjogM/RHyfqs:HK/UBLHElAabwdybkQ1BTO/XMgM/RHyz

Malware Config

Extracted

Family

latentbot

C2

botnetdolly.zapto.org

(zapto.org is a No-IP dynamic-DNS zone shared by many unrelated users; block or hunt on the full hostname, not on the parent domain.)

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in the wild since 2013. (That description is of the Windows family; the target here is a 32-bit ARM Linux ELF, so treat the family match as tentative until confirmed by static analysis of the binary.)

  • Latentbot family
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bot.arm7.elf
    command: /tmp/bot.arm7.elf
    PID: 708
    • Changes its process name
    • Reads runtime system information
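The two process-level behaviours recorded above (a changed process name, and reads from the /proc virtual filesystem) are the same signals a defender can check on a live host. The following is an added example, not tria.ge tooling or anything shipped with the sample: it walks /proc, compares the attacker-controlled comm and argv[0] against the kernel-maintained exe link, and escalates only when that mismatch coincides with a binary living in /tmp, /var/tmp or /dev/shm or one deleted after exec. The sample process table is constructed; PID 708 mirrors the report's /tmp/bot.arm7.elf, and the dnsmasq name it hides behind is an assumption.

```python
"""Hunt for Linux processes that have renamed themselves (prctl(PR_SET_NAME)
or an overwritten argv) while running from an untrusted location, using only
the /proc virtual filesystem.

Added example written for this report; it is not tria.ge tooling. The sample
process table below is constructed: PID 708 mirrors the report
(/tmp/bot.arm7.elf), and the daemon name "dnsmasq" it hides behind is assumed."""
import os
from dataclasses import dataclass

UNTRUSTED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
COMM_LEN = 15  # TASK_COMM_LEN - 1: the kernel truncates /proc/PID/comm to 15 bytes
DELETED = " (deleted)"  # suffix the kernel appends to /proc/PID/exe after unlink()


@dataclass
class ProcEntry:
    pid: int
    comm: str       # /proc/PID/comm: attacker-controlled via prctl(PR_SET_NAME)
    cmdline: list   # /proc/PID/cmdline split on NUL: attacker-controlled via argv
    exe: str        # readlink(/proc/PID/exe): maintained by the kernel, not spoofable


def assess(entry):
    """Return (rename_reasons, location_reasons) for one process.

    rename_reasons   - ways the user-visible name disagrees with the real binary
    location_reasons - the real binary lives somewhere a daemon should not"""
    deleted = entry.exe.endswith(DELETED)
    path = entry.exe[: -len(DELETED)] if deleted else entry.exe
    base = os.path.basename(path)

    renamed = []
    # comm is derived from the execve() filename and truncated, so compare prefixes.
    if entry.comm != base[:COMM_LEN]:
        renamed.append(f"comm={entry.comm!r} but exe={base!r}")
    argv0 = os.path.basename(entry.cmdline[0]) if entry.cmdline else ""
    if argv0 and argv0 != base:
        renamed.append(f"argv[0]={argv0!r} but exe={base!r}")

    location = []
    if deleted:
        location.append("binary was deleted after exec")
    if path.startswith(UNTRUSTED_DIRS):
        location.append(f"binary runs from {os.path.dirname(path)}")
    return renamed, location


def classify(entry):
    """'suspicious' when the name is faked AND the binary is untrusted;
    'review' when only one holds (interpreter symlinks such as python3 ->
    python3.11 legitimately trip the comm check on their own); else 'ok'."""
    renamed, location = assess(entry)
    if renamed and location:
        return "suspicious"
    if renamed or location:
        return "review"
    return "ok"


def read_proc_entry(pid, proc="/proc"):
    """Build a ProcEntry from a live /proc; raises OSError for gone/denied PIDs."""
    with open(f"{proc}/{pid}/comm") as f:
        comm = f.read().rstrip("\n")
    with open(f"{proc}/{pid}/cmdline", "rb") as f:
        cmdline = [a.decode("utf-8", "replace") for a in f.read().split(b"\0") if a]
    return ProcEntry(pid, comm, cmdline, os.readlink(f"{proc}/{pid}/exe"))


def scan_live(proc="/proc"):
    """Return {pid: (verdict, reasons)} for every readable process not rated 'ok'."""
    findings = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            entry = read_proc_entry(int(name), proc)
        except OSError:  # kernel thread, already exited, or not ours without root
            continue
        verdict = classify(entry)
        if verdict != "ok":
            renamed, location = assess(entry)
            findings[entry.pid] = (verdict, renamed + location)
    return findings


# Constructed sample process table (not captured from the sandbox run).
SAMPLE = [
    ProcEntry(708, "dnsmasq", ["dnsmasq"], "/tmp/bot.arm7.elf"),
    ProcEntry(512, "python3", ["python3", "/opt/app/run.py"], "/usr/bin/python3.11"),
    ProcEntry(900, "sshd", ["/usr/sbin/sshd", "-D"], "/usr/sbin/sshd"),
    ProcEntry(1337, "kthreadd", ["kthreadd"], "/dev/shm/x (deleted)"),
]


def scan_sample():
    """Verdict per constructed PID: {708: suspicious, 512: review, 900: ok, 1337: suspicious}."""
    return {e.pid: classify(e) for e in SAMPLE}


if __name__ == "__main__":
    for e in SAMPLE:
        print(e.pid, classify(e), assess(e))
    for pid, (verdict, reasons) in scan_live().items():
        print(pid, verdict, reasons)
```

Run it as root for full coverage: without CAP_SYS_PTRACE, /proc/PID/exe of other users' processes is unreadable and those PIDs are silently skipped. The exe link is the anchor because the kernel, not the process, maintains it; comm and argv are exactly the fields the "Changes its process name" signature says this sample rewrites.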

Network

MITRE ATT&CK Matrix
