kaiten | b7e933e7cf23f0932c64e67df58deeb00b2e8af655e7aa679239c633018c5499 | Triage

Sharing

General

Target

5f0a4ef2da06e574b738af9d73c9f043.elf
Size

386KB
Sample

221221-ddv8psef4w
MD5

5f0a4ef2da06e574b738af9d73c9f043
SHA1

5bae45f0591c44b5a80ca5f1666fe0f2cf06e7fc
SHA256

b7e933e7cf23f0932c64e67df58deeb00b2e8af655e7aa679239c633018c5499
SHA512

b7eb3478b1eec014b8c624e767958d349066e524a1f9b7072472e6876de2e50f332c0cbd35142147ab8e10469bd059d88ec93864e22ff84dcbd121431da1579c
SSDEEP

6144:tYGZk5LrnUri1QwkehG37GWbdThzhvnJu81Vn6A914/tT30D:ypWi1QwYSQNhvnJu81Vn6A914/tT30D

Score

10^/10

kaiten persistence

Malware Config

Targets

- Target
  
  5f0a4ef2da06e574b738af9d73c9f043.elf
- Size
  
  386KB
- MD5
  
  5f0a4ef2da06e574b738af9d73c9f043
- SHA1
  
  5bae45f0591c44b5a80ca5f1666fe0f2cf06e7fc
- SHA256
  
  b7e933e7cf23f0932c64e67df58deeb00b2e8af655e7aa679239c633018c5499
- SHA512
  
  b7eb3478b1eec014b8c624e767958d349066e524a1f9b7072472e6876de2e50f332c0cbd35142147ab8e10469bd059d88ec93864e22ff84dcbd121431da1579c
- SSDEEP
  
  6144:tYGZk5LrnUri1QwkehG37GWbdThzhvnJu81Vn6A914/tT30D:ypWi1QwYSQNhvnJu81Vn6A914/tT30D
Score

9^/10

persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Boot or Logon Autostart Execution

Privilege Escalation

Hijack Execution Flow

Boot or Logon Autostart Execution

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1