latentbot | 5c48b41dee8c1758fb100990d5d9669ec284e0983b238518d669ede964e1f098

Analysis

max time kernel
3s
max time network
1s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
14/01/2025, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64
Size

136KB
MD5

dc037b5b523f19d41b86da6d46de42a6
SHA1

b7e3aca7eb103e1c8d3439e14fc697f4f16e3ec1
SHA256

5c48b41dee8c1758fb100990d5d9669ec284e0983b238518d669ede964e1f098
SHA512

ca59f07b9628345e8e242ec687264075e112678429d67671cbf28584107fde46a5939d447cddc95e15e30c7b9a8d0773aa30d29c9b9bc4a9893183b5e2d77925
SSDEEP

3072:tGtwnNiaOnUTLFKPT9OSQ7AOaogjV2iZlBWCgriAOQPdL:tGtwnNiaOnUTFuLyBOQPd

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

botnetdolly.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	2496	bot.x86_64

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/34/cmdline	bot.x86_64
File opened for reading	/proc/56/cmdline	bot.x86_64
File opened for reading	/proc/197/cmdline	bot.x86_64
File opened for reading	/proc/1048/cmdline	bot.x86_64
File opened for reading	/proc/1949/cmdline	bot.x86_64
File opened for reading	/proc/2153/cmdline	bot.x86_64
File opened for reading	/proc/31/cmdline	bot.x86_64
File opened for reading	/proc/41/cmdline	bot.x86_64
File opened for reading	/proc/457/cmdline	bot.x86_64
File opened for reading	/proc/509/cmdline	bot.x86_64
File opened for reading	/proc/593/cmdline	bot.x86_64
File opened for reading	/proc/1923/cmdline	bot.x86_64
File opened for reading	/proc/1951/cmdline	bot.x86_64
File opened for reading	/proc/1980/cmdline	bot.x86_64
File opened for reading	/proc/2168/cmdline	bot.x86_64
File opened for reading	/proc/192/cmdline	bot.x86_64
File opened for reading	/proc/807/cmdline	bot.x86_64
File opened for reading	/proc/1123/cmdline	bot.x86_64
File opened for reading	/proc/50/cmdline	bot.x86_64
File opened for reading	/proc/71/cmdline	bot.x86_64
File opened for reading	/proc/418/cmdline	bot.x86_64
File opened for reading	/proc/762/cmdline	bot.x86_64
File opened for reading	/proc/1055/cmdline	bot.x86_64
File opened for reading	/proc/2000/cmdline	bot.x86_64
File opened for reading	/proc/18/cmdline	bot.x86_64
File opened for reading	/proc/25/cmdline	bot.x86_64
File opened for reading	/proc/26/cmdline	bot.x86_64
File opened for reading	/proc/127/cmdline	bot.x86_64
File opened for reading	/proc/9/cmdline	bot.x86_64
File opened for reading	/proc/12/cmdline	bot.x86_64
File opened for reading	/proc/30/cmdline	bot.x86_64
File opened for reading	/proc/47/cmdline	bot.x86_64
File opened for reading	/proc/51/cmdline	bot.x86_64
File opened for reading	/proc/52/cmdline	bot.x86_64
File opened for reading	/proc/755/cmdline	bot.x86_64
File opened for reading	/proc/1928/cmdline	bot.x86_64
File opened for reading	/proc/2130/cmdline	bot.x86_64
File opened for reading	/proc/46/cmdline	bot.x86_64
File opened for reading	/proc/754/cmdline	bot.x86_64
File opened for reading	/proc/1042/cmdline	bot.x86_64
File opened for reading	/proc/1868/cmdline	bot.x86_64
File opened for reading	/proc/2098/cmdline	bot.x86_64
File opened for reading	/proc/6/cmdline	bot.x86_64
File opened for reading	/proc/65/cmdline	bot.x86_64
File opened for reading	/proc/69/cmdline	bot.x86_64
File opened for reading	/proc/338/cmdline	bot.x86_64
File opened for reading	/proc/769/cmdline	bot.x86_64
File opened for reading	/proc/776/cmdline	bot.x86_64
File opened for reading	/proc/861/cmdline	bot.x86_64
File opened for reading	/proc/2001/cmdline	bot.x86_64
File opened for reading	/proc/29/cmdline	bot.x86_64
File opened for reading	/proc/36/cmdline	bot.x86_64
File opened for reading	/proc/48/cmdline	bot.x86_64
File opened for reading	/proc/859/cmdline	bot.x86_64
File opened for reading	/proc/1066/cmdline	bot.x86_64
File opened for reading	/proc/2230/cmdline	bot.x86_64
File opened for reading	/proc/2291/cmdline	bot.x86_64
File opened for reading	/proc/2500/cmdline	bot.x86_64
File opened for reading	/proc/5/cmdline	bot.x86_64
File opened for reading	/proc/15/cmdline	bot.x86_64
File opened for reading	/proc/17/cmdline	bot.x86_64
File opened for reading	/proc/28/cmdline	bot.x86_64
File opened for reading	/proc/40/cmdline	bot.x86_64
File opened for reading	/proc/2495/cmdline	bot.x86_64

/tmp/bot.x86_64
/tmp/bot.x86_64
1⤵
- Changes its process name
- Reads runtime system information
PID:2496

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads