Analysis
max time kernel: 149s
max time network: 151s
platform: debian-9_armhf
resource: debian9-armhf-20250410-en
resource tags: arch:armhf, image:debian9-armhf-20250410-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 18/05/2025, 20:04
General
Target: main_arm.elf
Size: 130KB
MD5: cb160c5c05d2bd6aff6ff18bbc27bef7
SHA1: f988e7193f756de159f67378ff57cda8e7d8d8c8
SHA256: 8e5fb0e22565ed3bf50d12a2be23840eef2ef83735b7eb7a141f26b0e096e378
SHA512: 55c0ccb90daf6bae451d4ddf0dd897fd6d250ea16b9f3b8663b7a73780bd54e102f1e0e0c5756ac4664794d3b84ec46eca0bd96650241450f8b4a1e56c57899c
SSDEEP: 1536:YKdzElm18uZJNb4ATFa8eAZHk4VB7fzTTDj97g4ivbGeqZvF20lqiwyw6RNPATqX:YKp50cU8e947Lzj97ziytxFhKdKZ
Malware Config
Extracted
Family: latentbot
C2: bothehedoxiahihi.zapto.org
Signatures
- Latentbot family
- Deletes itself (1 IoCs)
  pid  Process
  661  main_arm.elf
- Traces itself (2 IoCs)
  Traces itself to prevent debugging attempts
  pid  Process
  661  main_arm.elf
  662  main_arm.elf
- Changes its process name (1 IoCs)
  description                                                      ioc    pid  Process
  Changes the process name, possibly in an attempt to hide itself  httpd  661  main_arm.elf
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description                   ioc                Process
  File opened for modification  /tmp/main_arm.elf  main_arm.elf