Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20250410-en
  • resource tags

    arch:armhf, image:debian9-armhf-20250410-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    18/05/2025, 20:05

General

  • Target

    main_arm5.elf

  • Size

    126KB

  • MD5

    2529aded255c3fd3c174609db56b336b

  • SHA1

    ac4c520d775763e35da5cfeb5948f685f3282d5f

  • SHA256

    0dedcfa5e3d8350593d6f5e09c8af6be7949ad85ce89a1294d1e848244da366c

  • SHA512

    8788ac5c1efa1e8efd9bbb3e99580c87ec51fc32901246d9a2ac932ca5bfc465177de96badc5141cac58baef6e6555b0a2c6248eff6093e1e72be6683f0be236

  • SSDEEP

    3072:pKaprMh7qOXWFh4UX0AFcO5ZupvWVXeZ:pK7fXgh4UEAFcuZupeVXeZ

Score
10/10

Malware Config

Extracted

Family

latentbot

C2

bothehedoxiahihi.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in the wild since 2013.

  • Latentbot family
  • Deletes itself (1 IoC)
  • Traces itself (2 IoCs)

    Traces itself to prevent debugging attempts

  • Changes its process name (1 IoC)
  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm5.elf
    Command line: /tmp/main_arm5.elf
    PID: 650
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory

Network
