Malware Analysis Report

2024-12-01 00:48

Sample ID: 210403-glzbpk5qla
Target:    sshd
SHA256:    781a29ca63cab69b5c2bbaa38f99227f22dce1ebae66697438e5940c6bab5861
Tags:      kaiten
Score:     10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V6
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score:  10/10

SHA256: 781a29ca63cab69b5c2bbaa38f99227f22dce1ebae66697438e5940c6bab5861

Threat Level: Known bad

The file sshd was found to be: Known bad.

Malicious Activity Summary

Tags: kaiten

Signatures:
  Identified Kaiten Bot
  Kaiten family
  Modifies hosts file
  Writes DNS configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2021-04-03 22:48

Signatures

Identified Kaiten Bot

  Description  Indicator  Process  Target
  N/A          N/A        N/A      N/A

Kaiten family

  Tag: kaiten

Analysis: behavioral1

Detonation Overview

Submitted:        2021-04-03 22:48
Reported:         2021-04-03 22:50
Platform:         debian9-mipsel
Max time kernel:  0s
Max time network: 114s

Command Line

[./sshd]

Signatures

Modifies hosts file

  Description  Indicator    Process  Target
  /etc/hosts   /etc/hosts   N/A      N/A

Writes DNS configuration

  Description       Indicator         Process  Target
  /etc/resolv.conf  /etc/resolv.conf  N/A      N/A

Processes

  Process  Command line
  ./sshd   [./sshd]

Network

  Country  Destination       Domain                  Proto
  N/A      1.1.1.1:53        prox.realunix.cc        udp
  N/A      2.56.8.80:2422    prox.realunix.cc        tcp
  N/A      1.1.1.1:53        prox.realunix.cc        udp
  N/A      2.56.8.80:2422    prox.realunix.cc        tcp
  N/A      1.1.1.1:53        2.debian.pool.ntp.org   udp
  N/A      5.79.108.34:123   2.debian.pool.ntp.org   udp
  N/A      5.79.108.34:123   2.debian.pool.ntp.org   udp
  N/A      5.79.108.34:123   2.debian.pool.ntp.org   udp

Files

N/A