kaiten | c0271e9c3eb2f42e61594003a691d575046718df90a505a76f58ee0ad66a5eb9 | Triage

Sharing

General

Target

c0271e9c3eb2f42e61594003a691d575046718df90a505a76f58ee0ad66a5eb9.elf
Size

48KB
Sample

230308-wsqwmsgc96
MD5

b0b02fa67fc3909820a318c74369b099
SHA1

6a176d0bea4c52c119572ef2a711a630d134ce25
SHA256

c0271e9c3eb2f42e61594003a691d575046718df90a505a76f58ee0ad66a5eb9
SHA512

a3f3cb6ddb804371c886e5a5b0fc7364a98ed5b5810a205f128a3f390527e9b2c4752d775361d7388f116a45aa930440146afd06abce87096e1fdd4167a757bf
SSDEEP

768:srxSJ1dmP9DB18zgOJHIJGzqGXlNsRoxmmw3dZxfroi+4Zt4i:sIzAt18zgOtIJGzjXlNsRoxmmcroiW

Score

10^/10

kaiten linux persistence

Malware Config

Targets

- Target
  
  c0271e9c3eb2f42e61594003a691d575046718df90a505a76f58ee0ad66a5eb9.elf
- Size
  
  48KB
- MD5
  
  b0b02fa67fc3909820a318c74369b099
- SHA1
  
  6a176d0bea4c52c119572ef2a711a630d134ce25
- SHA256
  
  c0271e9c3eb2f42e61594003a691d575046718df90a505a76f58ee0ad66a5eb9
- SHA512
  
  a3f3cb6ddb804371c886e5a5b0fc7364a98ed5b5810a205f128a3f390527e9b2c4752d775361d7388f116a45aa930440146afd06abce87096e1fdd4167a757bf
- SSDEEP
  
  768:srxSJ1dmP9DB18zgOJHIJGzqGXlNsRoxmmw3dZxfroi+4Zt4i:sIzAt18zgOtIJGzjXlNsRoxmmcroiW
Score

8^/10

persistence
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1