Overview

overview

10

Static

static

1

c97f99cdaf...7ed503

debian-9-armhf

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c97f99cdafcef0ac7b484e79ca7ed503

  • Size

    42KB

  • Sample

    231222-r39paaehg7

  • MD5

    c97f99cdafcef0ac7b484e79ca7ed503

  • SHA1

    45fcb4347629b373ec5766b68a9a9e0b8773eacc

  • SHA256

    77b5f8dd7a6a31946a179206722acfb7d901d4be57525111dc7268538cc5fc81

  • SHA512

    27c767a1d48031c9fd5e8f264edf6b72e1a0e1ec1133cdad8765435859f9ccac0f46256752fe1ab0688ddc8881a608273b23e4c721f4be081293502501017ae7

  • SSDEEP

    768:2isrNjEjCMBdv3SfD/IwYlpxijZMhhie5FQWrSToy6XDo3UFAq2qQEpz+n:nrzBdviTIwYlAS75FQwyeMoz2

Score
10/10
kaitenbotnetpersistence

Malware Config

Targets

    • Target

      c97f99cdafcef0ac7b484e79ca7ed503

    • Size

      42KB

    • MD5

      c97f99cdafcef0ac7b484e79ca7ed503

    • SHA1

      45fcb4347629b373ec5766b68a9a9e0b8773eacc

    • SHA256

      77b5f8dd7a6a31946a179206722acfb7d901d4be57525111dc7268538cc5fc81

    • SHA512

      27c767a1d48031c9fd5e8f264edf6b72e1a0e1ec1133cdad8765435859f9ccac0f46256752fe1ab0688ddc8881a608273b23e4c721f4be081293502501017ae7

    • SSDEEP

      768:2isrNjEjCMBdv3SfD/IwYlpxijZMhhie5FQWrSToy6XDo3UFAq2qQEpz+n:nrzBdviTIwYlAS75FQwyeMoz2

    Score
    10/10
    kaitenbotnetpersistence

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

      botnetkaiten

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks