kaiten | 09dce1b6665ae2ab3224de5d03f3b6717888f88ba15546068ba60f6899d322ab | Triage

Sharing

General

Target

5ff19fe6d7c5c0859f6d54cbe39c4766
Size

228KB
Sample

221221-dc3amaef4t
MD5

5ff19fe6d7c5c0859f6d54cbe39c4766
SHA1

6b99c05d0b28015f904104260fdfaabb4d0bf24f
SHA256

09dce1b6665ae2ab3224de5d03f3b6717888f88ba15546068ba60f6899d322ab
SHA512

351612adcf60d659151a246cdbc23f10d900e0ab1df1651c8813271bc6a8bb7cdd8bf8603a9295955a420a7ab3a7d3f5754593c289e65d4e5d42fe38356799c9
SSDEEP

6144:BtrDYHU7N7aFm68KTZ3tfierLmTiPFLYoYOtY:XrTh7aFmUT9/LmOPFLYo1Y

Score

10^/10

kaiten persistence

Malware Config

Targets

- Target
  
  5ff19fe6d7c5c0859f6d54cbe39c4766
- Size
  
  228KB
- MD5
  
  5ff19fe6d7c5c0859f6d54cbe39c4766
- SHA1
  
  6b99c05d0b28015f904104260fdfaabb4d0bf24f
- SHA256
  
  09dce1b6665ae2ab3224de5d03f3b6717888f88ba15546068ba60f6899d322ab
- SHA512
  
  351612adcf60d659151a246cdbc23f10d900e0ab1df1651c8813271bc6a8bb7cdd8bf8603a9295955a420a7ab3a7d3f5754593c289e65d4e5d42fe38356799c9
- SSDEEP
  
  6144:BtrDYHU7N7aFm68KTZ3tfierLmTiPFLYoYOtY:XrTh7aFmUT9/LmOPFLYo1Y
Score

9^/10

persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Boot or Logon Autostart Execution

Privilege Escalation

Hijack Execution Flow

Boot or Logon Autostart Execution

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1