Malware Analysis Report

2025-05-28 17:58

Sample ID 250518-ytek4sck8y
Target main_mips.elf
SHA256 c30cd78ae31e8db8faf6eed8dc71998a04dce8c04b033fa97ab81db193e0a13f
Tags
mirai latentbot discovery trojan
Score
10/10

Analysis Overview

Score
10/10

SHA256

c30cd78ae31e8db8faf6eed8dc71998a04dce8c04b033fa97ab81db193e0a13f

Threat Level: Known bad

The file main_mips.elf was found to be: Known bad.

Malicious Activity Summary

mirai latentbot discovery trojan

Mirai family

LatentBot

Latentbot family

Deletes itself

Traces itself

Changes its process name

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-18 20:04

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-18 20:04

Reported

2025-05-18 20:06

Platform

debian9-mipsbe-20240729-en

Max time kernel

149s

Max time network

149s

Command Line

[/tmp/main_mips.elf]

Signatures

LatentBot

trojan latentbot

Latentbot family

latentbot

Deletes itself

Description  Indicator  Process             Target
N/A          N/A        /tmp/main_mips.elf  N/A

Traces itself

Description  Indicator  Process             Target
N/A          N/A        /tmp/main_mips.elf  N/A
N/A          N/A        /tmp/main_mips.elf  N/A

Changes its process name

Description                                                      Indicator  Process             Target
Changes the process name, possibly in an attempt to hide itself  httpd      /tmp/main_mips.elf  N/A

System Network Configuration Discovery

discovery
Description  Indicator  Process             Target
N/A          N/A        /tmp/main_mips.elf  N/A

Writes file to tmp directory

Description                   Indicator           Process             Target
File opened for modification  /tmp/main_mips.elf  /tmp/main_mips.elf  N/A

Processes

/tmp/main_mips.elf

[/tmp/main_mips.elf]

Network

Country  Destination          Domain                     Proto
US       8.8.8.8:53           bothehedoxiahihi.zapto.org  udp
NL       196.251.80.240:1995  bothehedoxiahihi.zapto.org  tcp

Files

N/A