Analysis
-
max time kernel
149s -
max time network
151s -
platform
debian-12_armhf -
resource
debian12-armhf-20250410-en -
resource tags
arch:armhfimage:debian12-armhf-20250410-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem -
submitted
18/05/2025, 20:05
General
-
Target
main_arm7.elf
-
Size
177KB
-
MD5
7f4e897ed091a688d7ba7544d9b6dee1
-
SHA1
7eef99b2cd80f7774c6f959f21d5ff9385c866ff
-
SHA256
98dc5b6cb0a982dd6213a147b7f4b40ea57514312958d2f1ed147ac29d44719c
-
SHA512
32a4198c46fcf7d25fa74fb6cecc6bb04a3377e806a3b8213bbee55fd55ea6ac6a853c55fd32682c2f09c5b59d7afab7735205a6a68e3a5cd2a879a8bab5f3d1
-
SSDEEP
3072:OjeivZQ5INXmmme2aE2zuROqb/ANQLLQ38YhTfYo+M/RTYERqLn:GeivZPNX5D2aE2zuROOLLLQ38+x+M/RG
Malware Config
Extracted
Family
latentbot
C2
bothehedoxiahihi.zapto.org
Signatures
-
Latentbot family
-
Deletes itself 1 IoCs
pid Process 758 main_arm7.elf -
Traces itself 2 IoCs
Traces itself to prevent debugging attempts
pid Process 758 main_arm7.elf 759 main_arm7.elf -
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 758 main_arm7.elf -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/main_arm7.elf main_arm7.elf