latentbot | d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db

Analysis

max time kernel
150s
max time network
152s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
02/01/2025, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.mpsl.elf
Size

173KB
MD5

0723004002bfea8e35c5db69285d93d2
SHA1

4a5c2368378ecfa3f3d5746115ef6f055b3afa1b
SHA256

d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db
SHA512

f4ecad1fefb5149a67c577d7a1305491a2db9c222018947d356e505cee69ba6b93ac99b73697d0bab5b41e0d283942631779bc9748aa429b49fe9ab8d7b5ba82
SSDEEP

3072:ueEksFM+wX5OpaVR8H3NaMZOTTMJxt9U+7fKbgE:ueEnO+wXZVWdaMATwJHy+u8

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

botnetdolly.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	698	bot.mpsl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/716/cmdline	bot.mpsl.elf
File opened for reading	/proc/742/cmdline	bot.mpsl.elf
File opened for reading	/proc/776/cmdline	bot.mpsl.elf
File opened for reading	/proc/766/cmdline	bot.mpsl.elf
File opened for reading	/proc/773/cmdline	bot.mpsl.elf
File opened for reading	/proc/10/cmdline	bot.mpsl.elf
File opened for reading	/proc/72/cmdline	bot.mpsl.elf
File opened for reading	/proc/664/cmdline	bot.mpsl.elf
File opened for reading	/proc/719/cmdline	bot.mpsl.elf
File opened for reading	/proc/690/cmdline	bot.mpsl.elf
File opened for reading	/proc/702/cmdline	bot.mpsl.elf
File opened for reading	/proc/751/cmdline	bot.mpsl.elf
File opened for reading	/proc/784/cmdline	bot.mpsl.elf
File opened for reading	/proc/3/cmdline	bot.mpsl.elf
File opened for reading	/proc/8/cmdline	bot.mpsl.elf
File opened for reading	/proc/11/cmdline	bot.mpsl.elf
File opened for reading	/proc/81/cmdline	bot.mpsl.elf
File opened for reading	/proc/791/cmdline	bot.mpsl.elf
File opened for reading	/proc/738/cmdline	bot.mpsl.elf
File opened for reading	/proc/743/cmdline	bot.mpsl.elf
File opened for reading	/proc/795/cmdline	bot.mpsl.elf
File opened for reading	/proc/734/cmdline	bot.mpsl.elf
File opened for reading	/proc/781/cmdline	bot.mpsl.elf
File opened for reading	/proc/804/cmdline	bot.mpsl.elf
File opened for reading	/proc/2/cmdline	bot.mpsl.elf
File opened for reading	/proc/74/cmdline	bot.mpsl.elf
File opened for reading	/proc/330/cmdline	bot.mpsl.elf
File opened for reading	/proc/697/cmdline	bot.mpsl.elf
File opened for reading	/proc/741/cmdline	bot.mpsl.elf
File opened for reading	/proc/759/cmdline	bot.mpsl.elf
File opened for reading	/proc/800/cmdline	bot.mpsl.elf
File opened for reading	/proc/13/cmdline	bot.mpsl.elf
File opened for reading	/proc/21/cmdline	bot.mpsl.elf
File opened for reading	/proc/78/cmdline	bot.mpsl.elf
File opened for reading	/proc/723/cmdline	bot.mpsl.elf
File opened for reading	/proc/730/cmdline	bot.mpsl.elf
File opened for reading	/proc/805/cmdline	bot.mpsl.elf
File opened for reading	/proc/7/cmdline	bot.mpsl.elf
File opened for reading	/proc/12/cmdline	bot.mpsl.elf
File opened for reading	/proc/36/cmdline	bot.mpsl.elf
File opened for reading	/proc/336/cmdline	bot.mpsl.elf
File opened for reading	/proc/799/cmdline	bot.mpsl.elf
File opened for reading	/proc/471/cmdline	bot.mpsl.elf
File opened for reading	/proc/707/cmdline	bot.mpsl.elf
File opened for reading	/proc/760/cmdline	bot.mpsl.elf
File opened for reading	/proc/771/cmdline	bot.mpsl.elf
File opened for reading	/proc/677/cmdline	bot.mpsl.elf
File opened for reading	/proc/778/cmdline	bot.mpsl.elf
File opened for reading	/proc/5/cmdline	bot.mpsl.elf
File opened for reading	/proc/6/cmdline	bot.mpsl.elf
File opened for reading	/proc/23/cmdline	bot.mpsl.elf
File opened for reading	/proc/24/cmdline	bot.mpsl.elf
File opened for reading	/proc/712/cmdline	bot.mpsl.elf
File opened for reading	/proc/729/cmdline	bot.mpsl.elf
File opened for reading	/proc/740/cmdline	bot.mpsl.elf
File opened for reading	/proc/801/cmdline	bot.mpsl.elf
File opened for reading	/proc/739/cmdline	bot.mpsl.elf
File opened for reading	/proc/761/cmdline	bot.mpsl.elf
File opened for reading	/proc/783/cmdline	bot.mpsl.elf
File opened for reading	/proc/785/cmdline	bot.mpsl.elf
File opened for reading	/proc/37/cmdline	bot.mpsl.elf
File opened for reading	/proc/710/cmdline	bot.mpsl.elf
File opened for reading	/proc/714/cmdline	bot.mpsl.elf
File opened for reading	/proc/733/cmdline	bot.mpsl.elf

/tmp/bot.mpsl.elf
/tmp/bot.mpsl.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:698

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads