Analysis

  • max time kernel
    122s
  • max time network
    146s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
  • submitted
    18/05/2025, 20:10

General

  • Target

    main_mips.elf

  • Size

    169KB

  • MD5

    787d985303b4dea5322200feb8d6a463

  • SHA1

    b03354c2482b60449202c17391a905b32070f33e

  • SHA256

    c30cd78ae31e8db8faf6eed8dc71998a04dce8c04b033fa97ab81db193e0a13f

  • SHA512

    7ec51d7bb11266508a18c2ee522507303d144e0f6990413aa094d5ed932c3d597a0ad89d688b9965bceda934a778049226f2941e930de321e4da4313aab65849

  • SSDEEP

    3072:vg57xt7LHZwbq1ESBa3VCvrCsWrFesCIX:vglxt7LHZgh6C9FHCIX

Malware Config

Extracted

Family

latentbot

C2

bothehedoxiahihi.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi that has been in the wild since 2013.

  • Latentbot family
  • Deletes itself (1 IoC)
  • Traces itself (2 IoCs)

    Traces itself to prevent debugging attempts.

  • Changes its process name (1 IoC)
  • System Network Configuration Discovery (1 TTP, 1 IoC)

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_mips.elf
    /tmp/main_mips.elf
    • Deletes itself
    • Traces itself
    • Changes its process name
    • System Network Configuration Discovery
    • Writes file to tmp directory
    PID:709

Network
