latentbot | 5c48b41dee8c1758fb100990d5d9669ec284e0983b238518d669ede964e1f098

Analysis

max time kernel
149s
max time network
144s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02/01/2025, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64.elf
Size

136KB
MD5

dc037b5b523f19d41b86da6d46de42a6
SHA1

b7e3aca7eb103e1c8d3439e14fc697f4f16e3ec1
SHA256

5c48b41dee8c1758fb100990d5d9669ec284e0983b238518d669ede964e1f098
SHA512

ca59f07b9628345e8e242ec687264075e112678429d67671cbf28584107fde46a5939d447cddc95e15e30c7b9a8d0773aa30d29c9b9bc4a9893183b5e2d77925
SSDEEP

3072:tGtwnNiaOnUTLFKPT9OSQ7AOaogjV2iZlBWCgriAOQPdL:tGtwnNiaOnUTFuLyBOQPd

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

botnetdolly.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	2315	bot.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/45/cmdline	bot.x86_64.elf
File opened for reading	/proc/54/cmdline	bot.x86_64.elf
File opened for reading	/proc/193/cmdline	bot.x86_64.elf
File opened for reading	/proc/1779/cmdline	bot.x86_64.elf
File opened for reading	/proc/1784/cmdline	bot.x86_64.elf
File opened for reading	/proc/1962/cmdline	bot.x86_64.elf
File opened for reading	/proc/1/cmdline	bot.x86_64.elf
File opened for reading	/proc/30/cmdline	bot.x86_64.elf
File opened for reading	/proc/740/cmdline	bot.x86_64.elf
File opened for reading	/proc/778/cmdline	bot.x86_64.elf
File opened for reading	/proc/1083/cmdline	bot.x86_64.elf
File opened for reading	/proc/1123/cmdline	bot.x86_64.elf
File opened for reading	/proc/2022/cmdline	bot.x86_64.elf
File opened for reading	/proc/3/cmdline	bot.x86_64.elf
File opened for reading	/proc/69/cmdline	bot.x86_64.elf
File opened for reading	/proc/791/cmdline	bot.x86_64.elf
File opened for reading	/proc/1758/cmdline	bot.x86_64.elf
File opened for reading	/proc/2322/cmdline	bot.x86_64.elf
File opened for reading	/proc/10/cmdline	bot.x86_64.elf
File opened for reading	/proc/31/cmdline	bot.x86_64.elf
File opened for reading	/proc/1767/cmdline	bot.x86_64.elf
File opened for reading	/proc/1975/cmdline	bot.x86_64.elf
File opened for reading	/proc/2093/cmdline	bot.x86_64.elf
File opened for reading	/proc/47/cmdline	bot.x86_64.elf
File opened for reading	/proc/384/cmdline	bot.x86_64.elf
File opened for reading	/proc/1820/cmdline	bot.x86_64.elf
File opened for reading	/proc/2075/cmdline	bot.x86_64.elf
File opened for reading	/proc/32/cmdline	bot.x86_64.elf
File opened for reading	/proc/1797/cmdline	bot.x86_64.elf
File opened for reading	/proc/11/cmdline	bot.x86_64.elf
File opened for reading	/proc/202/cmdline	bot.x86_64.elf
File opened for reading	/proc/182/cmdline	bot.x86_64.elf
File opened for reading	/proc/235/cmdline	bot.x86_64.elf
File opened for reading	/proc/793/cmdline	bot.x86_64.elf
File opened for reading	/proc/1723/cmdline	bot.x86_64.elf
File opened for reading	/proc/1799/cmdline	bot.x86_64.elf
File opened for reading	/proc/1984/cmdline	bot.x86_64.elf
File opened for reading	/proc/24/cmdline	bot.x86_64.elf
File opened for reading	/proc/39/cmdline	bot.x86_64.elf
File opened for reading	/proc/56/cmdline	bot.x86_64.elf
File opened for reading	/proc/194/cmdline	bot.x86_64.elf
File opened for reading	/proc/201/cmdline	bot.x86_64.elf
File opened for reading	/proc/763/cmdline	bot.x86_64.elf
File opened for reading	/proc/1675/cmdline	bot.x86_64.elf
File opened for reading	/proc/2130/cmdline	bot.x86_64.elf
File opened for reading	/proc/4/cmdline	bot.x86_64.elf
File opened for reading	/proc/26/cmdline	bot.x86_64.elf
File opened for reading	/proc/43/cmdline	bot.x86_64.elf
File opened for reading	/proc/440/cmdline	bot.x86_64.elf
File opened for reading	/proc/593/cmdline	bot.x86_64.elf
File opened for reading	/proc/35/cmdline	bot.x86_64.elf
File opened for reading	/proc/37/cmdline	bot.x86_64.elf
File opened for reading	/proc/2314/cmdline	bot.x86_64.elf
File opened for reading	/proc/199/cmdline	bot.x86_64.elf
File opened for reading	/proc/1049/cmdline	bot.x86_64.elf
File opened for reading	/proc/22/cmdline	bot.x86_64.elf
File opened for reading	/proc/53/cmdline	bot.x86_64.elf
File opened for reading	/proc/195/cmdline	bot.x86_64.elf
File opened for reading	/proc/432/cmdline	bot.x86_64.elf
File opened for reading	/proc/822/cmdline	bot.x86_64.elf
File opened for reading	/proc/1062/cmdline	bot.x86_64.elf
File opened for reading	/proc/7/cmdline	bot.x86_64.elf
File opened for reading	/proc/13/cmdline	bot.x86_64.elf
File opened for reading	/proc/197/cmdline	bot.x86_64.elf

/tmp/bot.x86_64.elf
/tmp/bot.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2315

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads