Malware Analysis Report

2024-12-01 00:48

Sample ID 210923-ab2e6agfdq
Target chimaera.cc
SHA256 fe3c5c4f94b90619f7385606dfb86b6211b030efe19b49c12ead507c8156507a
Tags kaiten persistence suricata
Score 10/10

Analysis Overview

Score 10/10
SHA256 fe3c5c4f94b90619f7385606dfb86b6211b030efe19b49c12ead507c8156507a

Threat Level: Known bad

The file chimaera.cc was found to be: Known bad.

Malicious Activity Summary

kaiten persistence suricata

Identified Kaiten Bot

Kaiten family

suricata: ET MALWARE IRC Nick change on non-standard port

Modifies hosts file

Writes DNS configuration

Modifies rc script

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2021-09-23 00:03

Signatures

Identified Kaiten Bot

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted 2021-09-23 00:03
Reported 2021-09-23 00:41
Platform ubuntu-amd64
Max time kernel 3587s
Max time network 141s

Command Line

[./chimaera.cc]

Signatures

suricata: ET MALWARE IRC Nick change on non-standard port

suricata

Modifies hosts file

Description  Indicator   Process  Target
/etc/hosts   /etc/hosts  N/A      N/A

Writes DNS configuration

Description       Indicator         Process  Target
/etc/resolv.conf  /etc/resolv.conf  N/A      N/A

Modifies rc script

persistence
Description         Indicator           Process        Target
/etc/rc.d/rc.local  /etc/rc.d/rc.local  ./chimaera.cc  N/A

Processes

./chimaera.cc

[./chimaera.cc]

Network

Country  Destination         Domain                 Proto
US       1.1.1.1:53          changelogs.ubuntu.com  udp
US       1.1.1.1:53          changelogs.ubuntu.com  udp
US       91.189.91.48:443    changelogs.ubuntu.com  tcp
US       1.1.1.1:53          irc.chimaera.cc        udp
DE       45.9.148.182:8080   irc.chimaera.cc        tcp
US       91.189.91.157:123                          udp
US       91.189.91.157:123                          udp

Files

N/A