Malware Analysis Report

2024-12-01 00:48

Sample ID 210816-bn8cd7f9qe
Target 6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633
SHA256 6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633
Tags
kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633

Threat Level: Known bad

The file 6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633 was found to be: Known bad.

Malicious Activity Summary

kaiten

Identified Kaiten Bot

Kaiten family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-16 02:28

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-16 02:28

Reported

2021-08-16 02:28

Platform

ubuntu-amd64

Max time kernel

0s

Max time network

0s

Command Line

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Signatures

N/A

Processes

./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Network

Country Destination Domain Proto
N/A 1.1.1.1:53 changelogs.ubuntu.com udp
N/A 1.1.1.1:53 changelogs.ubuntu.com udp
N/A 91.189.91.49:443 changelogs.ubuntu.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2021-08-16 02:28

Reported

2021-08-16 02:28

Platform

debian9-mipsel

Max time kernel

0s

Max time network

25s

Command Line

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Signatures

N/A

Processes

./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Network

Country Destination Domain Proto
N/A 1.1.1.1:53 2.debian.pool.ntp.org udp
N/A 1.1.1.1:53 2.debian.pool.ntp.org udp
N/A 213.136.0.252:123 2.debian.pool.ntp.org udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2021-08-16 02:28

Reported

2021-08-16 02:28

Platform

debian9-mipsbe

Max time network

41s

Command Line

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Signatures

N/A

Processes

./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633

[./6c6888a75d6a62dc7414dd22d0b6a70456a108a14889b8406f7aeb8b61b34633]

Network

Country Destination Domain Proto
N/A 1.1.1.1:53 2.debian.pool.ntp.org udp
N/A 1.1.1.1:53 2.debian.pool.ntp.org udp
N/A 1.1.1.1:53 3.debian.pool.ntp.org udp

Files

N/A