Analysis
-
max time kernel
5s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231222-en -
resource tags
-
submitted
22-12-2023 07:28
General
-
Target
794dcd7c345d57326fda991505b56a31
-
Size
12KB
-
MD5
794dcd7c345d57326fda991505b56a31
-
SHA1
3686e2e9f0097c2a25dcdf82e117064282c219e6
-
SHA256
717675c90e073e3ed986f634b90361a40f7e6bca17625d8bb8be620905fb0bf0
-
SHA512
7e4d724023b63fd15bd1e39fc516c2cc79d764dc25d53dd5e1d42149ce5330187999ae10c3bb92f0d8d3bb5111f75d69318ed52b3472125dc3e3f52cc6492805
-
SSDEEP
384:9u8x0NJS3ci3OFejsNFf2At6X4Fwab14cnTfwT:r0NJSMieEszf2At6X4eECPT
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 1 IoCs
-
Detects Kaiten/Tsunami payload 1 IoCs
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Executes dropped EXE 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/794dcd7c345d57326fda991505b56a31/tmp/794dcd7c345d57326fda991505b56a311⤵
- Reads runtime system information
- Writes file to tmp directory
-
/proc/1576/fd/3/tmp/794dcd7c345d57326fda991505b56a311⤵
-
/tmp/upxAUB22IEABRI/tmp/794dcd7c345d57326fda991505b56a311⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/tmp/upxAUB22IEABRIFilesize
27KB
MD52cec8e368200b94e78f2fbb64a8a7ece
SHA1f12fea9680c9126647d3fe9672f8c299bab1cd02
SHA256b819299b02978e36ee780f6ebb58614455f1724d32ee723b7c9014db7d62c24d
SHA512d195e036b2e25896a76d0c4ffc232c3c5b242bf726e3edb78bdb4fd0a19b823d55981e55202fa580e2d43aacd2904e71b163ff3fb8d6c0febeb15f3bca4520aa