Overview

overview

10

Static

static

7

edbf998a45...5f3816

ubuntu-18.04-amd64

10

Analysis

  • max time kernel
    153s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20-12-2023 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edbf998a45d65e3f00c6788f515f3816

  • Size

    61KB

  • MD5

    edbf998a45d65e3f00c6788f515f3816

  • SHA1

    79d7015fe0e5b876520e301f4a0d3cb5592e2695

  • SHA256

    10b7d4146bf9e163af314e479d25c7f564365617d684cb13254b44bde903b8f2

  • SHA512

    25e318487fc7e1e88638da34920595502bc31d1266a31dd92b54b71b7a79a1efde03fd4987104cab36090df8d763d9d9c9904bb5912498c96e4d2bcbfa4046c9

  • SSDEEP

    1536:D6+6cHGQriaDfNIjYZv/tlMj4i5OGknouy8ZqWgwyGWUIxqG6:u+J9rNDmjSwj4QUoutUWCJUuA

Score
10/10
kaitenbotnet

Malware Config

Signatures

  • Detects Kaiten/Tsunami Payload 1 IoCs
  • Detects Kaiten/Tsunami payload 1 IoCs
  • Kaiten/Tsunami

    Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    botnetkaiten
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/edbf998a45d65e3f00c6788f515f3816
    /tmp/edbf998a45d65e3f00c6788f515f3816
    1⤵
    • Reads runtime system information
    PID:1533
    • /bin/sh
      sh -c "IPT=/sbin/iptables;\$IPT -N TN;\$IPT -A TN -s -j ACCEPT;\$IPT -A TN -p tcp -m tcp --dport 23 -j REJECT;\$IPT -I INPUT -j TN;\$IPT-save; echo 'nameserver 4.2.2.2' > /tmp/resolv.conf;echo 'namserver 208.67.222.222' >> /tmp/resolv.conf"
      2⤵
      • Writes file to tmp directory
      PID:1534
      • /sbin/iptables
        /sbin/iptables -N TN
        3⤵
          PID:1535
        • /sbin/iptables
          /sbin/iptables -A TN -s -j ACCEPT
          3⤵
            PID:1538
          • /sbin/iptables
            /sbin/iptables -A TN -p tcp -m tcp --dport 23 -j REJECT
            3⤵
              PID:1539
            • /sbin/iptables
              /sbin/iptables -I INPUT -j TN
              3⤵
                PID:1545
              • /sbin/iptables-save
                /sbin/iptables-save
                3⤵
                • Reads system network configuration
                PID:1546

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /tmp/resolv.conf
            Filesize

            19B

            MD5

            18e0d4be7ee318c312d30ed75f39224a

            SHA1

            b9dc9465cf5b3df703210bc0a9c3a9cf99a0a9da

            SHA256

            ccf6e60942eb1621dc5c14f36e531f15ddab87cd011b0330055b638437969038

            SHA512

            50d8b06a918649fd3d3b9ddb4e9a5488584adc3fd17c32ed897283bdd96d38f77e51e7bf3580e9ec826aba09112cfcf220a6a989cae1f65e0876787fccd7b7f3

            Download Submit

          • /tmp/resolv.conf
            Filesize

            44B

            MD5

            51a49244ffd6b878ded13f8ca99ec374

            SHA1

            e1b011254290e401e3e033691ac003fb5eb4744e

            SHA256

            b8b3e8e7ef159fac65286258082f832c227e982512ff9457b7d166e91b77ce98

            SHA512

            202ecd188cb234b6d21e6a4c895fc1420ec445bea436a9cba0986fc82979df6d2f3afca57542e2944f5df9b380d61ede54e6782cd3baee0f07a1df41b59a10c1

            Download Submit