Analysis Overview
SHA256
25f299887ea827b2905e714136912771951cd76f05f8078319af8f81c1c5fe7e
Threat Level: Known bad
The file 25f299887ea827b2905e714136912771951cd76f05f8078319af8f81c1c5fe7e was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
Deletes system logs
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-02-17 22:05
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-17 22:05
Reported
2022-02-18 01:31
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Max time network
152s
Command Line
Signatures
Deletes system logs
| Description | Indicator | Process | Target |
| /var/log/syslog | /var/log/syslog | /bin/rm | N/A |
| /var/log/syslog | /var/log/syslog | /usr/bin/touch | N/A |
| /var/log/syslog | /var/log/syslog | /usr/bin/chattr | N/A |
Processes
./25f299887ea827b2905e714136912771951cd76f05f8078319af8f81c1c5fe7e
[./25f299887ea827b2905e714136912771951cd76f05f8078319af8f81c1c5fe7e]
/bin/sh
[sh -c rm -rf /var/log/syslog;touch /var/log/syslog;chmod 0000 /var/log/syslog;chattr +isa /var/log/syslog;]
/bin/rm
[rm -rf /var/log/syslog]
/usr/bin/touch
[touch /var/log/syslog]
/bin/chmod
[chmod 0000 /var/log/syslog]
/usr/bin/chattr
[chattr +isa /var/log/syslog]
Network
| Country | Destination | Domain | Proto |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp | |
| BR | 200.156.100.119:80 | tcp |