kaiten | 77b5f8dd7a6a31946a179206722acfb7d901d4be57525111dc7268538cc5fc81 | Triage

Submit
Reports

Overview

overview

Static

static

1

c97f99cdaf...7ed503

debian-9-armhf

Sharing

General

Target

c97f99cdafcef0ac7b484e79ca7ed503
Size

42KB
Sample

231222-r39paaehg7
MD5

c97f99cdafcef0ac7b484e79ca7ed503
SHA1

45fcb4347629b373ec5766b68a9a9e0b8773eacc
SHA256

77b5f8dd7a6a31946a179206722acfb7d901d4be57525111dc7268538cc5fc81
SHA512

27c767a1d48031c9fd5e8f264edf6b72e1a0e1ec1133cdad8765435859f9ccac0f46256752fe1ab0688ddc8881a608273b23e4c721f4be081293502501017ae7
SSDEEP

768:2isrNjEjCMBdv3SfD/IwYlpxijZMhhie5FQWrSToy6XDo3UFAq2qQEpz+n:nrzBdviTIwYlAS75FQwyeMoz2

Score

10^/10

kaiten botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

c97f99cdafcef0ac7b484e79ca7ed503

Resource

debian9-armhf-20231215-en

kaiten botnet persistence

debian-9-armhf

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c97f99cdafcef0ac7b484e79ca7ed503
- Size
  
  42KB
- MD5
  
  c97f99cdafcef0ac7b484e79ca7ed503
- SHA1
  
  45fcb4347629b373ec5766b68a9a9e0b8773eacc
- SHA256
  
  77b5f8dd7a6a31946a179206722acfb7d901d4be57525111dc7268538cc5fc81
- SHA512
  
  27c767a1d48031c9fd5e8f264edf6b72e1a0e1ec1133cdad8765435859f9ccac0f46256752fe1ab0688ddc8881a608273b23e4c721f4be081293502501017ae7
- SSDEEP
  
  768:2isrNjEjCMBdv3SfD/IwYlpxijZMhhie5FQWrSToy6XDo3UFAq2qQEpz+n:nrzBdviTIwYlAS75FQwyeMoz2
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kaitenbotnetpersistence

© 2018-2024

Terms | Privacy