Malware Analysis Report

2024-12-01 00:47

Sample ID 220217-1rvwesfhgm
Target 9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3
SHA256 9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3
Tags
kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3

Threat Level: Known bad

The file 9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3 was found to be: Known bad.

Malicious Activity Summary

kaiten

Identified Kaiten Bot

Kaiten family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-02-17 21:53

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-02-17 21:53

Reported

2022-02-17 21:56

Platform

debian9-armhf-en-20211208

Max time kernel

6152s

Max time network

159s

Command Line

[./9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3]

Signatures

N/A

Processes

./9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3

[./9a4391e6c3bf41027baa738d82bcfc9866c64068004ba3b146ab9a8f803cd5b3]

Network

Country Destination Domain Proto
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp
FR 51.15.160.111:6667 tcp

Files

N/A