Analysis

max time kernel: 149s
max time network: 149s
platform: debian-9_armhf
resource: debian9-armhf-20250410-en
resource tags: arch:armhf, image:debian9-armhf-20250410-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 18/05/2025, 20:05
General

Target: main_arm5.elf
Size: 126KB
MD5: 2529aded255c3fd3c174609db56b336b
SHA1: ac4c520d775763e35da5cfeb5948f685f3282d5f
SHA256: 0dedcfa5e3d8350593d6f5e09c8af6be7949ad85ce89a1294d1e848244da366c
SHA512: 8788ac5c1efa1e8efd9bbb3e99580c87ec51fc32901246d9a2ac932ca5bfc465177de96badc5141cac58baef6e6555b0a2c6248eff6093e1e72be6683f0be236
SSDEEP: 3072:pKaprMh7qOXWFh4UX0AFcO5ZupvWVXeZ:pK7fXgh4UEAFcuZupeVXeZ
Malware Config

Extracted
Family: latentbot
C2: bothehedoxiahihi.zapto.org
Signatures

Latentbot family

Deletes itself (1 IoCs)
pid   Process
650   main_arm5.elf

Traces itself (2 IoCs)
Traces itself to prevent debugging attempts
pid   Process
650   main_arm5.elf
651   main_arm5.elf

Changes its process name (1 IoCs)
description                                                       ioc     pid   Process
Changes the process name, possibly in an attempt to hide itself   httpd   650   main_arm5.elf

Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
description                    ioc                  Process
File opened for modification   /tmp/main_arm5.elf   main_arm5.elf