Analysis Overview
Score: 10/10
SHA256: 781a29ca63cab69b5c2bbaa38f99227f22dce1ebae66697438e5940c6bab5861
Threat Level: Known bad
The file sshd was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
Modifies hosts file
Writes DNS configuration
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-04-03 22:48
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2021-04-03 22:48
Reported
2021-04-03 22:50
Platform
debian9-mipsel
Max time kernel
0s
Max time network
114s
Command Line
[./sshd]
Signatures
Modifies hosts file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/hosts | /etc/hosts | N/A | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/resolv.conf | /etc/resolv.conf | N/A | N/A |
Processes
./sshd
[./sshd]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 1.1.1.1:53 | prox.realunix.cc | udp |
| N/A | 2.56.8.80:2422 | prox.realunix.cc | tcp |
| N/A | 1.1.1.1:53 | prox.realunix.cc | udp |
| N/A | 2.56.8.80:2422 | prox.realunix.cc | tcp |
| N/A | 1.1.1.1:53 | 2.debian.pool.ntp.org | udp |
| N/A | 5.79.108.34:123 | 2.debian.pool.ntp.org | udp |
| N/A | 5.79.108.34:123 | 2.debian.pool.ntp.org | udp |
| N/A | 5.79.108.34:123 | 2.debian.pool.ntp.org | udp |
Files
N/A