kaiten | b4a5d74a1ce9b719305b568f80f399811f8b91eab8a374d58ab6e9b916ec285f | Triage

Submit
Reports

Overview

overview

Static

static

1

80868960a0...4e070b

debian-9-armhf

Sharing

General

Target

80868960a04c6b6b296d542d4e4e070b
Size

42KB
Sample

240129-wtn4fahdck
MD5

80868960a04c6b6b296d542d4e4e070b
SHA1

f9dc88872eba66a68a539230d9a6608e5a66d738
SHA256

b4a5d74a1ce9b719305b568f80f399811f8b91eab8a374d58ab6e9b916ec285f
SHA512

7ffc81196ad1c329ff33eb4994a5e2af7eacfa1fee0e99d26885ee39d212cabd31e6597d0fb853cfe99d0a241006e9ed2530254025e13b7e7000d8dfc0b3c086
SSDEEP

768:SkL+e4rSR+Eib1N0Qv+lZE0ecx1McnwmnIS0EN4/gP++5gnxlJK3UEg6:rLz8ECnvoLnCuwJEJ+1xgg6

Score

10^/10

kaiten botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

80868960a04c6b6b296d542d4e4e070b

Resource

debian9-armhf-20231222-en

kaiten botnet persistence

debian-9-armhf

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  80868960a04c6b6b296d542d4e4e070b
- Size
  
  42KB
- MD5
  
  80868960a04c6b6b296d542d4e4e070b
- SHA1
  
  f9dc88872eba66a68a539230d9a6608e5a66d738
- SHA256
  
  b4a5d74a1ce9b719305b568f80f399811f8b91eab8a374d58ab6e9b916ec285f
- SHA512
  
  7ffc81196ad1c329ff33eb4994a5e2af7eacfa1fee0e99d26885ee39d212cabd31e6597d0fb853cfe99d0a241006e9ed2530254025e13b7e7000d8dfc0b3c086
- SSDEEP
  
  768:SkL+e4rSR+Eib1N0Qv+lZE0ecx1McnwmnIS0EN4/gP++5gnxlJK3UEg6:rLz8ECnvoLnCuwJEJ+1xgg6
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kaitenbotnetpersistence

© 2018-2024

Terms | Privacy