Analysis
max time kernel
133s
max time network
149s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250307-en
resource tags
arch:amd64, arch:i386, image:ubuntu2204-amd64-20250307-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted
18/05/2025, 19:59
Static task
static1
General
Target
main_x86_64
Size
136KB
MD5
5e63d73b1e27c330ad767b28da293639
SHA1
80489b3c5bd9a586117558545b02c041643f40f8
SHA256
9d6f3091c278d456955465a66c474c1f64f1e480791c5ffc3154cec983979102
SHA512
a58ab52e0a4d8761fcd2b3cf7095286e6ab48b01f78b3c303d8cc10b27fa92a888553265a99c12dde8aa60a4729555441921c26024e8c952cceaf5953965051f
SSDEEP
3072:79eSuygEPjt6qkWqydymDnYMb0YBd/gQyVGsdqml6saj:79eSuygEPjt6qkWqZmH2lasa
Malware Config
Extracted
Family
latentbot
C2
bothehedoxiahihi.zapto.org
Signatures
Latentbot family
Deletes itself 1 IoCs
pid | Process
1565 | main_x86_64
Traces itself 2 IoCs
Traces itself to prevent debugging attempts
pid | Process
1565 | main_x86_64
1566 | main_x86_64
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | httpd | 1565 | main_x86_64
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/main_x86_64 | main_x86_64