Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250307-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    18/05/2025, 20:05

General

  • Target

    main_x86.elf

  • Size

    87KB

  • MD5

    16773f1f5c49ae5278fd53bb2e58ec39

  • SHA1

    7b537f78c619e0cc2d86a41dd13c845243c455ff

  • SHA256

    13bc252e37244f3b54296ddf2b91f1b5c341eab472eb52f197200c89c5c84603

  • SHA512

    d14df3682a00cfc03cf675cad9f0159e6d7b093f5c107606eddc7ef6ead429ceeecdfceea797bb3e531f10b34eba468408537861ca1ac232deb3b1ae9bed328f

  • SSDEEP

    1536:W/QCZaxGdvts3i5JPhoLwxPu++gzV4UIKqI4FrS4LSf:WYCZa8dvm3oJPhewxP5ZV6KfUmDf

Malware Config

Extracted

Family

latentbot

C2

bothehedoxiahihi.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in the wild since 2013.
    This family tag comes from a signature match: the described family is a Delphi trojan, while the target here is a Linux ELF executed on Ubuntu, so confirm the attribution before relying on it.

  • Latentbot family
  • Loads a kernel module (3 IoCs)

    Loads a Linux kernel module, potentially to achieve persistence.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_x86.elf
    Command line: /tmp/main_x86.elf
    PID: 2525
    • Loads a kernel module
    • Writes file to tmp directory
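
The two behaviours flagged on PID 2525 above (a kernel module load and a file written to /tmp) are the kind of thing a sandbox derives from a syscall trace. The following is an added example, not the report's or the sandbox vendor's own detection code: it scans constructed strace-style lines for init_module/finit_module calls and for files created with write intent in temp directories, and it tracks the process's open file descriptors so a finit_module call can be tied back to the file it loads. The trace lines, the "/tmp/.cache-2525" path and the summary format are assumptions made for illustration; it also goes slightly beyond the report by treating /var/tmp and /dev/shm as drop locations alongside /tmp.

```python
"""Detect kernel module loads and temp-directory drops from strace-style lines.

Added example for illustration; not the report's own sandbox logic.
"""
import re
from dataclasses import dataclass

# Constructed strace-style lines, NOT output from the report's sandbox run.
# PID 2525 mirrors the process listed in the report; paths are made up.
SAMPLE_TRACE = r"""
2525  execve("/tmp/main_x86.elf", ["/tmp/main_x86.elf"], 0x7ffd1a2b3c40 /* 20 vars */) = 0
2525  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
2525  close(3)                          = 0
2525  openat(AT_FDCWD, "/tmp/.cache-2525", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3
2525  write(3, "\177ELF\2\1\1\0"..., 16384) = 16384
2525  close(3)                          = 0
2525  openat(AT_FDCWD, "/tmp/.cache-2525", O_RDONLY|O_CLOEXEC) = 4
2525  finit_module(4, "", 0)            = 0
2525  init_module(0x5555a0c0, 16384, "") = -1 EPERM (Operation not permitted)
2525  socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5
"""

# "<pid>  <call>(<args>) = <ret>"; anything after the return value is ignored.
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')                 # first quoted argument
FLAGS_RE = re.compile(r'\bO_[A-Z_]+(?:\|O_[A-Z_]+)*')
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT"}
# Assumption: /var/tmp and /dev/shm are treated like /tmp (report only lists /tmp).
TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str        # "kernel_module_load" or "tmp_write"
    detail: str
    succeeded: bool  # False when the syscall returned an error


def scan(trace: str):
    """Return findings in trace order, correlating finit_module fds to paths."""
    fds = {}          # (pid, fd) -> path, rebuilt from successful open/openat calls
    findings = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, call, args, ret = int(m["pid"]), m["call"], m["args"], int(m["ret"])
        if call in ("open", "openat", "creat"):
            pm = PATH_RE.search(args)
            if not pm:
                continue
            path = pm.group(1)
            if ret >= 0:
                fds[(pid, ret)] = path          # fd numbers get reused; keep latest
            fm = FLAGS_RE.search(args)
            flags = set(fm.group(0).split("|")) if fm else set()
            wants_write = call == "creat" or bool(flags & WRITE_FLAGS)
            if wants_write and path.startswith(TMP_DIRS):
                findings.append(Finding(pid, "tmp_write", path, ret >= 0))
        elif call == "finit_module":
            fd = int(args.split(",")[0])
            path = fds.get((pid, fd), f"fd {fd} (unknown path)")
            findings.append(Finding(pid, "kernel_module_load",
                                    f"finit_module from {path}", ret == 0))
        elif call == "init_module":
            # Module image supplied from memory, so there is no file to name.
            findings.append(Finding(pid, "kernel_module_load",
                                    "init_module from memory image", ret == 0))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'tmp_write': 1, 'kernel_module_load': 2}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_TRACE):
        print(f)
    print(summarize(scan(SAMPLE_TRACE)))
```

Failed calls are kept as findings with `succeeded=False`: an init_module that returns EPERM still tells you the sample tried to load a module, which is the behavioural signal the "Loads a kernel module" signature is after, even if the sandbox's kernel refused it.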
