kaiten | 4aa8db63618e1d80f42df161ed6b550dedd7ca566053ca748b034edd94bc1c3a | Triage

Sharing

General

Target

4aa8db63618e1d80f42df161ed6b550dedd7ca566053ca748b034edd94bc1c3a
Size

225KB
Sample

220520-hzq84aaccl
MD5

95c0db062560eae7381100862b027d1e
SHA1

baf1809fb6d899eab16d99bccda4649219801e8c
SHA256

4aa8db63618e1d80f42df161ed6b550dedd7ca566053ca748b034edd94bc1c3a
SHA512

b7b8095e16be2801bcb1ca5b834ac9b1750e874f8baf564f3b21c069a9fa8c8e6a439d905e2ac19becb47357ebe4e8162928129553d5ddc996fef161e57bb2a0

Score

10^/10

kaiten linux

Malware Config

Targets

- Target
  
  4aa8db63618e1d80f42df161ed6b550dedd7ca566053ca748b034edd94bc1c3a
- Size
  
  225KB
- MD5
  
  95c0db062560eae7381100862b027d1e
- SHA1
  
  baf1809fb6d899eab16d99bccda4649219801e8c
- SHA256
  
  4aa8db63618e1d80f42df161ed6b550dedd7ca566053ca748b034edd94bc1c3a
- SHA512
  
  b7b8095e16be2801bcb1ca5b834ac9b1750e874f8baf564f3b21c069a9fa8c8e6a439d905e2ac19becb47357ebe4e8162928129553d5ddc996fef161e57bb2a0
Score

9^/10
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1