Malware Analysis Report

2024-12-01 00:48

Sample ID 210409-f8xyqv3aq2
Target 80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe
SHA256 80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe
Tags
persistence kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe

Threat Level: Known bad

The file 80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe was found to be: Known bad.

Malicious Activity Summary

persistence kaiten

Identified Kaiten Bot

Kaiten family

Writes DNS configuration

Modifies hosts file

Modifies rc script

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-04-09 19:37

Signatures

Identified Kaiten Bot

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2021-04-09 19:37

Reported

2021-04-09 19:41

Platform

ubuntu-amd64

Max time kernel

12196s

Max time network

125s

Command Line

[./80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe]

Signatures

Modifies hosts file

Description  Indicator   Process  Target
/etc/hosts   /etc/hosts  N/A      N/A

Writes DNS configuration

Description       Indicator         Process  Target
/etc/resolv.conf  /etc/resolv.conf  N/A      N/A

Modifies rc script

persistence

Description         Indicator           Process                                                              Target
/etc/rc.d/rc.local  /etc/rc.d/rc.local  ./80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe  N/A

Processes

./80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe

[./80b4d47bfbd273f0bcc609dfff4a322575df824149438bdbbe82ba9cd4448dfe]

Network


Files

N/A