Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20250410-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20250410-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    18/05/2025, 20:04

General

  • Target

    main_arm.elf

  • Size

    130KB

  • MD5

    cb160c5c05d2bd6aff6ff18bbc27bef7

  • SHA1

    f988e7193f756de159f67378ff57cda8e7d8d8c8

  • SHA256

    8e5fb0e22565ed3bf50d12a2be23840eef2ef83735b7eb7a141f26b0e096e378

  • SHA512

    55c0ccb90daf6bae451d4ddf0dd897fd6d250ea16b9f3b8663b7a73780bd54e102f1e0e0c5756ac4664794d3b84ec46eca0bd96650241450f8b4a1e56c57899c

  • SSDEEP

    1536:YKdzElm18uZJNb4ATFa8eAZHk4VB7fzTTDj97g4ivbGeqZvF20lqiwyw6RNPATqX:YKp50cU8e947Lzj97ziytxFhKdKZ

Score
10/10

Malware Config

Extracted

Family

latentbot

C2

bothehedoxiahihi.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in the wild since 2013.

  • Latentbot family
  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm.elf
    /tmp/main_arm.elf
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:661

Network

MITRE ATT&CK Matrix
