Analysis
-
max time kernel
152s -
max time network
155s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
22-12-2023 13:52
General
-
Target
b03b7fe39dd85fc9daae367c9506c9ab
-
Size
217KB
-
MD5
b03b7fe39dd85fc9daae367c9506c9ab
-
SHA1
71040c86924faa54cc488be4d00733a06357dec7
-
SHA256
d1e20bed068f9110cf18943400650dcc56c2abf26e7a0ab9dad810515b153224
-
SHA512
bf9e18a387165633dda845f11641b4e924879378248747f2c03bad0677935a9b758713cc65244e1c2ce04f0632111ad84992a30d8c22f068246bc4039ae26dfb
-
SSDEEP
3072:chr2ePskOqANcRzO1LWtUQsg+Mw3nW3C1MuwCUhAiizUPVX/mNBB/1Zet79g0:chyI33ASRzwasQzuXmAiizUP1wBB/6L
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 1 IoCs
-
Detects Kaiten/Tsunami payload 1 IoCs
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/b03b7fe39dd85fc9daae367c9506c9ab/tmp/b03b7fe39dd85fc9daae367c9506c9ab1⤵
- Reads runtime system information
- Writes file to tmp directory
-
/proc/1528/fd/3/tmp/b03b7fe39dd85fc9daae367c9506c9ab1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/tmp/upxB5XRMI5ABPYFilesize
444KB
MD5a717a6fa95074ea91b0ff1cc9d15fb25
SHA1481dbd786868cf6e2ac8a408addd58bc72bcd89d
SHA256b094f506c02bf34e38decd7fb13f2bad25d866cde413a485ae6d0568702b81d2
SHA5129b6ba69d0e745471a0d217ef59eb22c9c97afc29d21102be119b5a60e0328099e35e0b6446cfda7dff2c302f4f9f7c675c51d9748ff29c8cbe643068c6a32492