Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20250410-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20250410-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    18/05/2025, 20:05

General

  • Target

    main_arm7.elf

  • Size

    177KB

  • MD5

    7f4e897ed091a688d7ba7544d9b6dee1

  • SHA1

    7eef99b2cd80f7774c6f959f21d5ff9385c866ff

  • SHA256

    98dc5b6cb0a982dd6213a147b7f4b40ea57514312958d2f1ed147ac29d44719c

  • SHA512

    32a4198c46fcf7d25fa74fb6cecc6bb04a3377e806a3b8213bbee55fd55ea6ac6a853c55fd32682c2f09c5b59d7afab7735205a6a68e3a5cd2a879a8bab5f3d1

  • SSDEEP

    3072:OjeivZQ5INXmmme2aE2zuROqb/ANQLLQ38YhTfYo+M/RTYERqLn:GeivZPNX5D2aE2zuROOLLLQ38+x+M/RG

Score
10/10

Malware Config

Extracted

Family

latentbot

C2

bothehedoxiahihi.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

  • Latentbot family
  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm7.elf
    /tmp/main_arm7.elf
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:758

Network

MITRE ATT&CK Matrix
