Analysis Overview
score
10/10
SHA256
2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a
Threat Level: Known bad
The file 2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
Writes DNS configuration
Modifies hosts file
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-02-17 22:04
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-17 22:04
Reported
2022-02-18 01:27
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
6165s
Max time network
176s
Command Line
[./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a]
Signatures
Modifies hosts file
| Description | Indicator | Process | Target |
| /etc/hosts | /etc/hosts | N/A | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| /etc/resolv.conf | /etc/resolv.conf | N/A | N/A |
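The two behavioral signatures above only record that the sample wrote /etc/resolv.conf and modified /etc/hosts; the report does not show what was written. The following is an added example, not part of the sandbox report or of Kaiten itself, showing how a responder can audit both files for the kind of tampering these signatures point at: names blackholed to loopback or 0.0.0.0, static overrides for non-local names, and resolvers that were not handed out by the host's normal configuration. The file contents, the hostname `sandbox`, the approved resolver `127.0.0.53` and all addresses in them are constructed for the example.

```python
"""Audit /etc/hosts and /etc/resolv.conf text for tampering.

Added example (not from the sandbox report). The report only records that the
sample wrote /etc/resolv.conf and modified /etc/hosts; the file contents below
are CONSTRUCTED to exercise the checks and are not what the sample wrote.
"""
import ipaddress

# Constructed: stock Ubuntu loopback lines plus two hypothetical additions, one
# sinkholing names to 0.0.0.0 and one statically overriding a name.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 sandbox
::1 ip6-localhost ip6-loopback
0.0.0.0 security.example.org updates.example.org
10.0.0.5 irc.example.net
"""

# Constructed: a rewritten resolv.conf naming resolvers the host did not get
# from its normal configuration (addresses are hypothetical).
SAMPLE_RESOLV = """\
# rewritten, not generated by systemd-resolved
nameserver 198.51.100.7
nameserver 8.8.8.8
options timeout:1
"""

# Loopback aliases that legitimately map to 127.0.0.1 / ::1 on Debian/Ubuntu.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "ip6-allnodes",
               "ip6-allrouters", "ip6-mcastprefix", "ip6-localnet"}


def parse_hosts(text):
    """Return [(ip, [hostnames])] for each non-blank, non-comment line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.append((ip, names))
    return entries


def parse_resolv(text):
    """Return nameserver addresses in resolv.conf order (comments ignored)."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_hosts(text, hostname):
    """Flag hosts entries that sinkhole or statically override non-local names.

    A name other than the machine's own hostname or the loopback aliases that
    resolves to a loopback or unspecified address is being blackholed; any
    other mapping for such a name is a static override that bypasses DNS.
    Returns a list of (kind, ip, [names]).
    """
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("malformed", ip, names))
            continue
        flagged = [n for n in names if n not in LOCAL_NAMES and n != hostname]
        if not flagged:
            continue
        kind = "sinkhole" if (addr.is_loopback or addr.is_unspecified) else "override"
        findings.append((kind, ip, flagged))
    return findings


def audit_resolv(text, approved):
    """Return nameservers that are not in the approved set."""
    return [ns for ns in parse_resolv(text) if ns not in approved]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, "sandbox"):
        print("hosts:", finding)
    for ns in audit_resolv(SAMPLE_RESOLV, {"127.0.0.53"}):
        print("resolv.conf: unexpected nameserver", ns)
```

On a live system read the two files and pass their text in, and take the approved resolver set from the DHCP lease or systemd-resolved configuration rather than hard-coding it; the check is only as good as the baseline it is compared against.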
Processes
./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a
[./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a]
Network
| Country | Destination | Proto | Domain |
| US | 35.238.62.236:22 | tcp | |
| US | 67.227.188.226:22 | tcp | |
| US | 18.218.172.188:22 | tcp | |
| US | 67.227.188.226:22 | tcp | |
| US | 35.238.62.236:22 | tcp | |
| IQ | 138.124.157.174:22 | tcp | |
| IE | 86.45.89.190:22 | tcp | |
| IN | 45.123.217.54:22 | tcp | |
| IN | 45.123.217.54:22 | tcp | |
| HK | 154.213.97.132:22 | tcp | |
| NL | 45.130.138.160:22 | tcp | |
| CN | 122.94.210.236:22 | tcp | |
| FI | 178.55.186.167:22 | tcp | |
| CN | 39.156.60.10:22 | tcp | |
| JP | 52.197.184.157:22 | tcp | |
| US | 168.184.27.169:22 | tcp | |
| NL | 167.71.2.88:22 | tcp | |
| AR | 201.178.39.221:22 | tcp | |
| US | 192.149.234.20:22 | tcp | |
| CN | 49.233.84.46:22 | tcp | |
| BO | 190.104.2.201:22 | tcp | |
| US | 192.254.201.109:22 | tcp | |
| BR | 177.200.196.85:22 | tcp | |
| CN | 123.57.128.88:22 | tcp | |
| KR | 110.45.216.72:22 | tcp | |
| US | 35.224.22.12:22 | tcp | |
| RU | 90.156.169.194:22 | tcp | |
| DE | 141.95.53.229:22 | tcp | |
| FI | 65.21.93.99:22 | tcp | |
| CN | 120.25.70.236:22 | tcp | |
| HK | 154.210.158.36:22 | tcp | |
| SG | 139.162.29.115:22 | tcp | |
| FR | 77.87.105.183:22 | tcp | |
| SG | 172.104.53.43:22 | tcp | |
| US | 150.120.171.2:22 | tcp | |
| DE | 83.151.25.210:22 | tcp | |
| US | 128.59.103.235:22 | tcp | |
| HK | 154.210.158.36:22 | tcp | |
| US | 35.224.22.12:22 | tcp | |
| FR | 54.37.82.51:22 | tcp | |
| TR | 178.243.165.148:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 134.130.139.29:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| FI | 135.181.84.189:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| FR | 37.72.202.117:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| PL | 146.59.56.113:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 165.227.161.228:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 5.9.235.69:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| US | 132.148.237.151:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| HK | 34.96.131.213:22 | tcp | |
| US | 107.174.114.215:22 | tcp | |
| US | 107.165.190.161:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| US | 44.230.202.168:22 | tcp | |
| HK | 119.28.7.179:22 | tcp | |
| HK | 180.215.201.118:22 | tcp | |
| JP | 45.88.193.47:22 | tcp | |
| JP | 61.210.162.42:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 95.179.240.151:22 | tcp | |
| MA | 41.140.241.232:22 | tcp | |
| NL | 134.122.56.112:22 | tcp | |
| US | 18.191.41.19:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp |
Files
N/A
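The Network table above shows two distinct patterns: one host, 80.241.216.2, contacted over and over on tcp/6667 (the IRC port Kaiten-family bots use for command and control), and dozens of different hosts each contacted once or twice on tcp/22. The script below is an added example, not part of the sandbox report, that parses rows in the table's format and separates the two behaviours by destination-port fan-out: a single repeatedly contacted destination is reported as a beacon candidate, many distinct destinations with few connections each as a scan/spray candidate. The embedded rows are a subset copied from the table above, so the counts it prints are for that subset only; the thresholds `min_hosts` and `min_repeats` are assumptions to tune for your own data.

```python
"""Separate C2 beaconing from outbound scanning in sandbox network rows.

Added example (not from the sandbox report). SAMPLE_ROWS is a subset of the
report's Network table; run parse_rows() over the full table for real counts.
"""
import re
from collections import Counter, defaultdict

# Matches "| CC | ip:port | proto | domain |" rows as laid out in the report.
ROW_RE = re.compile(r"^\|\s*(\w{2})\s*\|\s*([^|\s]+):(\d+)\s*\|\s*(\w+)\s*\|")

# Subset of rows copied from the report's Network table.
SAMPLE_ROWS = """\
| US | 35.238.62.236:22 | tcp | |
| US | 67.227.188.226:22 | tcp | |
| US | 18.218.172.188:22 | tcp | |
| US | 67.227.188.226:22 | tcp | |
| IQ | 138.124.157.174:22 | tcp | |
| IE | 86.45.89.190:22 | tcp | |
| IN | 45.123.217.54:22 | tcp | |
| HK | 154.213.97.132:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 134.130.139.29:22 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
| DE | 80.241.216.2:6667 | tcp | |
"""


def parse_rows(text):
    """Return [(country, ip, port, proto)] for every row matching ROW_RE."""
    conns = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            country, ip, port, proto = m.groups()
            conns.append((country, ip, int(port), proto))
    return conns


def summarize(conns):
    """Per destination port: total connections, distinct hosts, busiest host."""
    by_port = defaultdict(Counter)
    for _country, ip, port, _proto in conns:
        by_port[port][ip] += 1
    return {
        port: {
            "connections": sum(c.values()),
            "hosts": len(c),
            "top": c.most_common(1)[0],  # (ip, count) of the busiest host
        }
        for port, c in by_port.items()
    }


def classify(conns, min_hosts=5, min_repeats=4):
    """Label each port as beacon, scan/spray or unclassified (thresholds assumed)."""
    verdicts = {}
    for port, s in summarize(conns).items():
        top_ip, top_n = s["top"]
        if s["hosts"] == 1 and top_n >= min_repeats:
            verdicts[port] = f"beacon: {top_ip} contacted {top_n} times"
        elif s["hosts"] >= min_hosts and top_n <= 2:
            verdicts[port] = (f"scan/spray: {s['hosts']} distinct hosts, "
                              f"{s['connections']} connections")
        else:
            verdicts[port] = "unclassified"
    return verdicts


if __name__ == "__main__":
    for port, verdict in sorted(classify(parse_rows(SAMPLE_ROWS)).items()):
        print(f"tcp/{port}: {verdict}")
```

For blocking purposes the two classes call for different responses: the beacon destination is the indicator to block and hunt for across the fleet, while the port-22 destinations are victims the sample was reaching out to, not infrastructure worth blocklisting.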