Analysis Overview
SHA256
ca21a60bf8ffb7414a9e52a2e1574b0f15797e5e32ca196bf093b2cf7c2b0a49
Threat Level: Known bad
The file ca21a60bf8ffb7414a9e52a2e1574b0f15797e5e32ca196bf093b2cf7c2b0a49 was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
Deletes system logs
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-02-19 07:00
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-19 07:00
Reported
2022-02-19 12:30
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
6291s
Max time network
154s
Command Line
Signatures
Deletes system logs
| Description | Indicator | Process | Target |
| /var/log/syslog | /var/log/syslog | /bin/rm | N/A |
| /var/log/syslog | /var/log/syslog | /usr/bin/touch | N/A |
| /var/log/syslog | /var/log/syslog | /usr/bin/chattr | N/A |
Processes
./ca21a60bf8ffb7414a9e52a2e1574b0f15797e5e32ca196bf093b2cf7c2b0a49
[./ca21a60bf8ffb7414a9e52a2e1574b0f15797e5e32ca196bf093b2cf7c2b0a49]
/bin/sh
[sh -c rm -rf /var/log/syslog;touch /var/log/syslog;chmod 0000 /var/log/syslog;chattr +isa /var/log/syslog;]
/bin/rm
[rm -rf /var/log/syslog]
/usr/bin/touch
[touch /var/log/syslog]
/bin/chmod
[chmod 0000 /var/log/syslog]
/usr/bin/chattr
[chattr +isa /var/log/syslog]
Network
| Country | Destination | Domain | Proto |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp | |
| BR | 200.20.10.72:80 | tcp |