latentbot | d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db

Analysis

max time kernel
150s
max time network
148s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
03/01/2025, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
Size

173KB
MD5

0723004002bfea8e35c5db69285d93d2
SHA1

4a5c2368378ecfa3f3d5746115ef6f055b3afa1b
SHA256

d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db
SHA512

f4ecad1fefb5149a67c577d7a1305491a2db9c222018947d356e505cee69ba6b93ac99b73697d0bab5b41e0d283942631779bc9748aa429b49fe9ab8d7b5ba82
SSDEEP

3072:ueEksFM+wX5OpaVR8H3NaMZOTTMJxt9U+7fKbgE:ueEnO+wXZVWdaMATwJHy+u8

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

botnetdolly.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	744	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/7/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/30/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/754/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/788/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/6/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/389/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/698/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/735/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/770/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/25/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/27/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/32/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/767/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/769/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/16/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/711/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/773/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/778/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/8/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/668/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/758/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/115/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/186/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/749/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/10/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/19/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/28/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/45/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/750/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/1/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/781/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/782/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/5/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/47/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/112/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/202/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/751/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/761/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/9/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/117/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/137/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/411/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/12/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/22/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/42/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/777/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/18/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/21/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/26/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/29/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/718/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/4/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/377/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/380/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/759/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/23/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/680/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/753/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/768/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/20/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/34/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/59/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/719/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
File opened for reading	/proc/739/cmdline	d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf

/tmp/d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
/tmp/d5794810b14d56b5c362fa09e568829516a8214f8ac70f3c441a951541e802db.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:744

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads