kaiten | 751014e0154d219dea8c2e999714c32fd98f817782588cd7af355d2488eb1c80 | Triage

Submit
Reports

Overview

overview

Static

static

1

731e88ae5f...kes118

ubuntu-20.04-amd64

Sharing

General

Target

731e88ae5f22ba01372a3b0cc5adccdf_JaffaCakes118
Size

2.7MB
Sample

240401-revkfsff6t
MD5

731e88ae5f22ba01372a3b0cc5adccdf
SHA1

893db829a8b0af8e37f3e0c25d63779afdc575b9
SHA256

751014e0154d219dea8c2e999714c32fd98f817782588cd7af355d2488eb1c80
SHA512

523094ef2170dc5a0333f7a9e0b1f3c2fc025295198b7c9b9ac36e5c130cc5c5b091f3bb541601e45f6efd081f79f50322affce355a1a2b4f83c9058566390f0
SSDEEP

49152:Q4LOseggj73q9sgK4TCbbwWg0+/Y8jk1OkIlDdohcjJq:tlMVPwWIYMOOkIQh2Jq

Score

10^/10

kaiten botnet linux

Static task

static1

Behavioral task

behavioral1

Sample

731e88ae5f22ba01372a3b0cc5adccdf_JaffaCakes118

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  731e88ae5f22ba01372a3b0cc5adccdf_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  731e88ae5f22ba01372a3b0cc5adccdf
- SHA1
  
  893db829a8b0af8e37f3e0c25d63779afdc575b9
- SHA256
  
  751014e0154d219dea8c2e999714c32fd98f817782588cd7af355d2488eb1c80
- SHA512
  
  523094ef2170dc5a0333f7a9e0b1f3c2fc025295198b7c9b9ac36e5c130cc5c5b091f3bb541601e45f6efd081f79f50322affce355a1a2b4f83c9058566390f0
- SSDEEP
  
  49152:Q4LOseggj73q9sgK4TCbbwWg0+/Y8jk1OkIlDdohcjJq:tlMVPwWIYMOOkIQh2Jq
Score

10^/10

kaiten botnet
- Detects Kaiten/Tsunami Payload
- Detects Kaiten/Tsunami payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Runs EXE from memory
  Runs an executable from memory, likely to minimize footprint
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy