Analysis
- max time kernel: 150s
- max time network: 145s
- platform: debian-12_mipsel
- resource: debian12-mipsel-20240729-en
- resource tags: arch:mipsel, image:debian12-mipsel-20240729-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
- submitted: 18/05/2025, 20:04
General
- Target: main_mpsl.elf
- Size: 173KB
- MD5: 0f3febd6ca7a882a6d2c872d9c3f4261
- SHA1: ae3397d939a5016fa24af95b918a76006d08bc70
- SHA256: e5d340232e0492693a4c27cb940f5d8026ca4696e12186a7f84f5a67f55e1714
- SHA512: 49d643db01d0279f6f9219693d19b02cec206593b1fb5a5f531b5a9f180819c048fc6a84f93ef66d01315090b14a2b06e1ee9eb3598dbb0ded6fc9ecd0b43a65
- SSDEEP: 1536:HwdqBezGeDxxeXJvkgBZOofcQq6K7yKshdUNmBvLZvU1SaZ6y985gkgXw5jxgK2/:HKpzGoe9kSfcQqW9v8SawFgXojl5eFt
Malware Config
Extracted
- Family: latentbot
- C2: bothehedoxiahihi.zapto.org
Signatures
- Latentbot family
- Deletes itself (1 IoCs)
  pid: 746, Process: main_mpsl.elf
- Traces itself (2 IoCs)
  Traces itself to prevent debugging attempts
  pid: 746, Process: main_mpsl.elf
  pid: 747, Process: main_mpsl.elf
- Changes its process name (1 IoCs)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: httpd, pid: 746, Process: main_mpsl.elf
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description: File opened for modification
  ioc: /tmp/main_mpsl.elf, Process: main_mpsl.elf