Overview

overview

10

Static

static

1

bb1e1bb42b...900fec

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb1e1bb42b9e27aa9af6220cff900fec

  • Size

    33KB

  • Sample

    231220-q1ln1ahhhq

  • MD5

    bb1e1bb42b9e27aa9af6220cff900fec

  • SHA1

    40aa62f24b5cba9cb679934b45db7a47abc0ab4d

  • SHA256

    3d35218401b01e771a30996e03fee170c5406bdb564c87064917d451a744ed9d

  • SHA512

    0fbd259b4dfc96930cab0ddf6102b79a5b593f025e63126efba8229efbccbcddaef82a0d44e4e0734adb3bfc2668a6630956ca2dee8d6346241027d875bf2a55

  • SSDEEP

    768:kW/A2V9LY1p8PrtyELAm8YANwZBif4Lb3XROD0E/gVD1hWn:f/A2VJPjd0mGQcf4cDhIVD1+

Score
10/10
kaitenbotnetpersistence

Malware Config

Targets

    • Target

      bb1e1bb42b9e27aa9af6220cff900fec

    • Size

      33KB

    • MD5

      bb1e1bb42b9e27aa9af6220cff900fec

    • SHA1

      40aa62f24b5cba9cb679934b45db7a47abc0ab4d

    • SHA256

      3d35218401b01e771a30996e03fee170c5406bdb564c87064917d451a744ed9d

    • SHA512

      0fbd259b4dfc96930cab0ddf6102b79a5b593f025e63126efba8229efbccbcddaef82a0d44e4e0734adb3bfc2668a6630956ca2dee8d6346241027d875bf2a55

    • SSDEEP

      768:kW/A2V9LY1p8PrtyELAm8YANwZBif4Lb3XROD0E/gVD1hWn:f/A2VJPjd0mGQcf4cDhIVD1+

    Score
    10/10
    kaitenbotnetpersistence

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

      botnetkaiten

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

1
T1568

Impact

Resource Development

Reconnaissance

Tasks