Analysis Overview
score
10/10
SHA256
fe3c5c4f94b90619f7385606dfb86b6211b030efe19b49c12ead507c8156507a
Threat Level: Known bad
The file chimaera.cc was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
suricata: ET MALWARE IRC Nick change on non-standard port
Modifies hosts file
Writes DNS configuration
Modifies rc script
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-09-23 00:03
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2021-09-23 00:03
Reported
2021-09-23 00:41
Platform
ubuntu-amd64
Max time kernel
3587s
Max time network
141s
Command Line
[./chimaera.cc]
Signatures
suricata: ET MALWARE IRC Nick change on non-standard port
Modifies hosts file
| Description | Indicator | Process | Target |
| /etc/hosts | /etc/hosts | N/A | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| /etc/resolv.conf | /etc/resolv.conf | N/A | N/A |
Modifies rc script
| Description | Indicator | Process | Target |
| /etc/rc.d/rc.local | /etc/rc.d/rc.local | ./chimaera.cc | N/A |
Processes
./chimaera.cc
[./chimaera.cc]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | changelogs.ubuntu.com | udp |
| US | 1.1.1.1:53 | changelogs.ubuntu.com | udp |
| US | 91.189.91.48:443 | changelogs.ubuntu.com | tcp |
| US | 1.1.1.1:53 | irc.chimaera.cc | udp |
| DE | 45.9.148.182:8080 | irc.chimaera.cc | tcp |
| US | 91.189.91.157:123 | | udp |
| US | 91.189.91.157:123 | | udp |
Files
N/A