Overview

overview

10

Static

static

1

4e6d4d8c05...48b537

debian-9-armhf

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e6d4d8c059b40f731756ff4a548b537

  • Size

    42KB

  • Sample

    231219-26t34sbddl

  • MD5

    4e6d4d8c059b40f731756ff4a548b537

  • SHA1

    a15aafed902c43a3e14d3e571a80a11f19105c47

  • SHA256

    01ff62737a14a29b9ba2200d58409b9aae5e8e2b439f341fc439a6ea79c335c5

  • SHA512

    50bd7ae28792a5e18a417c3ea4a6c8a4a5739d8da1d408856d98fbff5e88d7d155f85a7c08c7047a284762ac4ac106c4fecd77f5248917e52d6ce02c8c8482d4

  • SSDEEP

    768:Asm32ViuMNvQ0CVEWfz+evHo4KSot0Hve0zNqQ1PCGaVThKE+jOWWJK3UEg6:AsmYAvQRMj5sm6NqQ1KGaVThKEoPTg6

Score
10/10
kaitenbotnetpersistence

Malware Config

Targets

    • Target

      4e6d4d8c059b40f731756ff4a548b537

    • Size

      42KB

    • MD5

      4e6d4d8c059b40f731756ff4a548b537

    • SHA1

      a15aafed902c43a3e14d3e571a80a11f19105c47

    • SHA256

      01ff62737a14a29b9ba2200d58409b9aae5e8e2b439f341fc439a6ea79c335c5

    • SHA512

      50bd7ae28792a5e18a417c3ea4a6c8a4a5739d8da1d408856d98fbff5e88d7d155f85a7c08c7047a284762ac4ac106c4fecd77f5248917e52d6ce02c8c8482d4

    • SSDEEP

      768:Asm32ViuMNvQ0CVEWfz+evHo4KSot0Hve0zNqQ1PCGaVThKE+jOWWJK3UEg6:AsmYAvQRMj5sm6NqQ1KGaVThKEoPTg6

    Score
    10/10
    kaitenbotnetpersistence

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

      botnetkaiten

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

1
T1568

Impact

Resource Development

Reconnaissance

Tasks