kaiten | 0bb4dce69365ae39f2477b04ec5156dbff08c8ef3e11350bc7dbd3f61bae904d | Triage

Sharing

General

Target

3e5ea611c546f5777fdd727ca3b17423.elf
Size

386KB
Sample

221221-dfk6hsbe68
MD5

3e5ea611c546f5777fdd727ca3b17423
SHA1

6e9c06bd59693fca79d743f64b718505527ce01b
SHA256

0bb4dce69365ae39f2477b04ec5156dbff08c8ef3e11350bc7dbd3f61bae904d
SHA512

89f57182d748bddfdf32b2ac72ca9817e6047ee4c656e041e12c4e52a1c15aa49f9d045c975de663d3bb021123f94c78948a62b01da47904aec69042ca40abbd
SSDEEP

6144:tRH+4s+F4xh2ewR83PyOGyTc+vWkekvaJu81Vn6A914/tT30D:E9NCsP+wDvaJu81Vn6A914/tT30D

Score

10^/10

kaiten persistence

Malware Config

Targets

- Target
  
  3e5ea611c546f5777fdd727ca3b17423.elf
- Size
  
  386KB
- MD5
  
  3e5ea611c546f5777fdd727ca3b17423
- SHA1
  
  6e9c06bd59693fca79d743f64b718505527ce01b
- SHA256
  
  0bb4dce69365ae39f2477b04ec5156dbff08c8ef3e11350bc7dbd3f61bae904d
- SHA512
  
  89f57182d748bddfdf32b2ac72ca9817e6047ee4c656e041e12c4e52a1c15aa49f9d045c975de663d3bb021123f94c78948a62b01da47904aec69042ca40abbd
- SSDEEP
  
  6144:tRH+4s+F4xh2ewR83PyOGyTc+vWkekvaJu81Vn6A914/tT30D:E9NCsP+wDvaJu81Vn6A914/tT30D
Score

9^/10

persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1