kaiten | 8b5d6d9d1094279f089ce549a77ac041aa87654b862ce24f7e17b84bdcf89278 | Triage

Sharing

General

Target

8b5d6d9d1094279f089ce549a77ac041aa87654b862ce24f7e17b84bdcf89278
Size

240KB
Sample

220724-2m9z8abeej
MD5

f3d3ba9da9123d200fe6627d970838cd
SHA1

c780af224fc7c82524c1fa6c9392d2805a631436
SHA256

8b5d6d9d1094279f089ce549a77ac041aa87654b862ce24f7e17b84bdcf89278
SHA512

21bf1baa84b5470c45185bb0511b1669664d43d90b2dd61df401889b3ca08933013a7da8b445808ad2e4624d1b9de58b893ff97edef13691b919ae33d72e742c

Score

10^/10

kaiten persistence

Malware Config

Targets

- Target
  
  8b5d6d9d1094279f089ce549a77ac041aa87654b862ce24f7e17b84bdcf89278
- Size
  
  240KB
- MD5
  
  f3d3ba9da9123d200fe6627d970838cd
- SHA1
  
  c780af224fc7c82524c1fa6c9392d2805a631436
- SHA256
  
  8b5d6d9d1094279f089ce549a77ac041aa87654b862ce24f7e17b84bdcf89278
- SHA512
  
  21bf1baa84b5470c45185bb0511b1669664d43d90b2dd61df401889b3ca08933013a7da8b445808ad2e4624d1b9de58b893ff97edef13691b919ae33d72e742c
Score

7^/10

persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1