kaiten | 2c2e64279f80ba66cca2b61ccf1658eeb567b065ce8a13e662f6574dd05ac79f | Triage

Sharing

General

Target

[x86].elf
Size

286KB
Sample

221221-b3jj4aee7y
MD5

27f525e4aff4300d32bdcab33475d26b
SHA1

bf9596084fe18a856e822b0bd28257d4576414ed
SHA256

2c2e64279f80ba66cca2b61ccf1658eeb567b065ce8a13e662f6574dd05ac79f
SHA512

84f4c281fb788da2148ca31cd7330822e503a51426705f3be145e4bc2bcc28b6223bb9c32a4af4d1d29a515c55fe34545b3768c4a133722591ed23d31bd0587b
SSDEEP

6144:HorAyiaWTfO7hBvPM4vRwRvSNZpzafhqDuplILtxSV:HorAyiaWTf8PM+ivSNZpzafhqDuplILs

Score

10^/10

kaiten linux persistence

Malware Config

Targets

- Target
  
  [x86].elf
- Size
  
  286KB
- MD5
  
  27f525e4aff4300d32bdcab33475d26b
- SHA1
  
  bf9596084fe18a856e822b0bd28257d4576414ed
- SHA256
  
  2c2e64279f80ba66cca2b61ccf1658eeb567b065ce8a13e662f6574dd05ac79f
- SHA512
  
  84f4c281fb788da2148ca31cd7330822e503a51426705f3be145e4bc2bcc28b6223bb9c32a4af4d1d29a515c55fe34545b3768c4a133722591ed23d31bd0587b
- SSDEEP
  
  6144:HorAyiaWTfO7hBvPM4vRwRvSNZpzafhqDuplILtxSV:HorAyiaWTf8PM+ivSNZpzafhqDuplILs
Score

9^/10

persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Boot or Logon Autostart Execution

Privilege Escalation

Hijack Execution Flow

Boot or Logon Autostart Execution

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1