Malware Analysis Report

2024-12-01 00:45

Sample ID 220217-1y3jvafab5
Target 2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a
SHA256 2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a
Tags
kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a

Threat Level: Known bad

The file 2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a was found to be: Known bad.

Malicious Activity Summary

kaiten

Identified Kaiten Bot

Kaiten family

Writes DNS configuration

Modifies hosts file

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-02-17 22:04

Signatures

Identified Kaiten Bot

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-02-17 22:04

Reported

2022-02-18 01:27

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

6165s

Max time network

176s

Command Line

[./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a]

Signatures

Modifies hosts file

Description   Indicator    Process   Target
/etc/hosts    /etc/hosts   N/A       N/A

Writes DNS configuration

Description        Indicator          Process   Target
/etc/resolv.conf   /etc/resolv.conf   N/A       N/A

Processes

./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a

[./2f8c35ab311135eba9cffd75246e861100a53e2da68154751082ffb75e48144a]

Network

Country Destination Domain Proto
US 35.238.62.236:22 tcp
US 67.227.188.226:22 tcp
US 18.218.172.188:22 tcp
US 67.227.188.226:22 tcp
US 35.238.62.236:22 tcp
IQ 138.124.157.174:22 tcp
IE 86.45.89.190:22 tcp
IN 45.123.217.54:22 tcp
IN 45.123.217.54:22 tcp
HK 154.213.97.132:22 tcp
NL 45.130.138.160:22 tcp
CN 122.94.210.236:22 tcp
FI 178.55.186.167:22 tcp
CN 39.156.60.10:22 tcp
JP 52.197.184.157:22 tcp
US 168.184.27.169:22 tcp
NL 167.71.2.88:22 tcp
AR 201.178.39.221:22 tcp
US 192.149.234.20:22 tcp
CN 49.233.84.46:22 tcp
BO 190.104.2.201:22 tcp
US 192.254.201.109:22 tcp
BR 177.200.196.85:22 tcp
CN 123.57.128.88:22 tcp
KR 110.45.216.72:22 tcp
US 35.224.22.12:22 tcp
RU 90.156.169.194:22 tcp
DE 141.95.53.229:22 tcp
FI 65.21.93.99:22 tcp
CN 120.25.70.236:22 tcp
HK 154.210.158.36:22 tcp
SG 139.162.29.115:22 tcp
FR 77.87.105.183:22 tcp
SG 172.104.53.43:22 tcp
US 150.120.171.2:22 tcp
DE 83.151.25.210:22 tcp
US 128.59.103.235:22 tcp
HK 154.210.158.36:22 tcp
US 35.224.22.12:22 tcp
FR 54.37.82.51:22 tcp
TR 178.243.165.148:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 134.130.139.29:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
FI 135.181.84.189:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
FR 37.72.202.117:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
PL 146.59.56.113:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 165.227.161.228:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 5.9.235.69:22 tcp
DE 80.241.216.2:6667 tcp
US 132.148.237.151:22 tcp
DE 80.241.216.2:6667 tcp
HK 34.96.131.213:22 tcp
US 107.174.114.215:22 tcp
US 107.165.190.161:22 tcp
DE 80.241.216.2:6667 tcp
US 44.230.202.168:22 tcp
HK 119.28.7.179:22 tcp
HK 180.215.201.118:22 tcp
JP 45.88.193.47:22 tcp
JP 61.210.162.42:22 tcp
DE 80.241.216.2:6667 tcp
DE 95.179.240.151:22 tcp
MA 41.140.241.232:22 tcp
NL 134.122.56.112:22 tcp
US 18.191.41.19:22 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp
DE 80.241.216.2:6667 tcp

Files

N/A