Analysis Overview
SHA256
05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4
Threat Level: Known bad
The file 05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4 was found to be: Known bad.
Malicious Activity Summary
Kaiten family
Identified Kaiten Bot
Modifies hosts file
Writes DNS configuration
Analysis: static1
Detonation Overview
Reported
2022-02-17 22:08
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-17 22:08
Reported
2022-02-18 01:41
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
6166s
Max time network
103s
Command Line
Signatures
Modifies hosts file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/hosts | /etc/hosts | N/A | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/resolv.conf | /etc/resolv.conf | N/A | N/A |
Processes
./05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4
[./05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4]
/bin/sh
[sh -c crontab -l | grep ./05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4|| (crontab -l ; echo "* * * * * ./05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4") | crontab -]
/bin/grep
[grep ./05cb2b83182e26dbdf09b4ef02345d44e62d94f062683ef3ecdd08f965ed4dc4]
/usr/bin/crontab
[crontab -l]
/usr/bin/crontab
[crontab -]
/usr/bin/crontab
[crontab -l]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:53 | 456489789416fdsqfdsqfdsq.ru | udp |
| US | 1.1.1.1:53 | 456489789416fdsqfdsqfds.ru | udp |