Overview

overview

10

Static

static

10

.bash_hist...utorun

ubuntu-18.04-amd64

6

.bash_hist...utorun

debian-9-armhf

6

.bash_hist...utorun

debian-9-mips

6

.bash_hist...utorun

debian-9-mipsel

6

.bash_history1/.kde/b

ubuntu-18.04-amd64

.bash_hist...kde/b2

ubuntu-18.04-amd64

.bash_hist.../crond

ubuntu-18.04-amd64

.bash_hist.../essyn

ubuntu-20.04-amd64

1

.bash_history1/.kde/f

ubuntu-20.04-amd64

.bash_hist...kde/f4

ubuntu-20.04-amd64

.bash_history1/.kde/g

ubuntu-20.04-amd64

.bash_history1/.kde/j

ubuntu-18.04-amd64

.bash_hist...kde/j2

ubuntu-20.04-amd64

.bash_hist...killer

ubuntu-18.04-amd64

.bash_hist...ch.vbs

windows7-x64

1

.bash_hist...ch.vbs

windows10-2004-x64

1

.bash_hist...de/run

ubuntu-18.04-amd64

1

.bash_hist...de/run

debian-9-armhf

1

.bash_hist...de/run

debian-9-mips

1

.bash_hist...de/run

debian-9-mipsel

1

.bash_history1/.kde/s

ubuntu-18.04-amd64

.bash_hist...kde/sl

ubuntu-20.04-amd64

.bash_hist...e/ssyn

ubuntu-20.04-amd64

1

.bash_hist...art.sh

windows7-x64

3

.bash_hist...art.sh

windows10-2004-x64

3

.bash_hist...de/std

ubuntu-18.04-amd64

.bash_hist...tealth

ubuntu-18.04-amd64

.bash_hist...stream

ubuntu-20.04-amd64

.bash_hist...e/talk

ubuntu-18.04-amd64

.bash_hist...de/tty

ubuntu-18.04-amd64

.bash_hist...update

ubuntu-18.04-amd64

1

.bash_hist...update

debian-9-armhf

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee7f4237d4b055d374a80a79d525b7f4_JaffaCakes118

  • Size

    251KB

  • Sample

    240411-2h4bwafd72

  • MD5

    ee7f4237d4b055d374a80a79d525b7f4

  • SHA1

    8084ffd268fd3398e8b8a5c45c4981e78b4ecaa2

  • SHA256

    7518cd76ff9f401b31774b9bb24f83993107eb82856f36095b87a179f835fea0

  • SHA512

    af94379c744021326bf9d77eb95a63c0d580482ce7cafeb971a07fa5913a60387f418e3dcb484b4993523d620a75841d34779db851633d3263374a0dc6ac3df0

  • SSDEEP

    6144:StTEN/szdBUruRVuisSPyGjCzGzZ9GcBsrRlLKddnGQX:qE5qrHRVISKtkZI6s3uXXX

Score
10/10
kaitenbotnetlinuxpersistence

Malware Config

Targets

    • Target

      .bash_history1/.kde/autorun

    • Size

      309B

    • MD5

      a27cd7f6ec00538d81eba3081cbdd3d3

    • SHA1

      7c80bfef642c3330dd26d340f15453247b4dbed9

    • SHA256

      cf6e9033be781ec8a1d5ea771657a9f5bdfbcff9154507028dc158cfd76b3ab9

    • SHA512

      c5dabbdcecdc677df4e5a46a37eaee3adc4a2a2a864cd6c397406de9663e09be884d13e9cd2752d8bd6234ae2c989b979dc29353794f47cdc3697cf71782cd63

    Score
    6/10
    persistence

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence
    behavioral1behavioral2behavioral3behavioral4

    • Target

      .bash_history1/.kde/b

    • Size

      8KB

    • MD5

      0453ae2cac43ee1da908ca414c3e31e4

    • SHA1

      67ccc3866b13d10f5f7106b7580b7cbc8dc8a470

    • SHA256

      d0e85625d7a0f2a64fa1c06965f8e0fbbfaa382013f3e636cded0b3c541bea61

    • SHA512

      0259386c3acf3b39b2a61611c2da15cb04269940b392d27f368e02f0473ba1b123531454849dea3a219cd5608bd52bf58db52f9db461c89fc189e12b64852777

    • SSDEEP

      192:fco9x2gTFmcSJFBzJb9PcsbqCnFw6WcGypdAvf6:fcmhdYbtb9PccF+qkq

    Score
    1/10
    behavioral5

    • Target

      .bash_history1/.kde/b2

    • Size

      19KB

    • MD5

      6cbde448e8dcdb36521f275afa5a978d

    • SHA1

      b85a7130bbf77b4c237e0bf915f6ce672792e47e

    • SHA256

      e9715d2b9af3fea3a6fd5fe00304acd7ab2f3f389c9d0486059a45e7016798dc

    • SHA512

      3bfdce0018108eb80590ea6138b1e54a1d52f81f4c55cf83a3f63e2a17ce3e91bd7ed19a1935633755420fd0ff1c185757de4b5ff3b091d3d54529c442c0963b

    • SSDEEP

      192:fxPS6cLDBTng1iwU0SLMVirVtq/S/oetNwEJOH/hqB4gHHHHuf1can21c1UGq9s:fdcLDVwU0SHVtCSwetNwt/I8f1j21IU+

    Score
    1/10
    behavioral6

    • Target

      .bash_history1/.kde/crond

    • Size

      148KB

    • MD5

      f5b1420933dc0f210a2664e23a58c039

    • SHA1

      c34597af2f63be4214a1b63ca7915229e0578a93

    • SHA256

      88cc820bafce9be130e34648eaf63a15469d8c237f0d6b22e089051e3a9b10e1

    • SHA512

      279787a68e08e8d9481ee37fac098d862b9970490eecf2250c6c40b8330772cefc092ab0b9ee53f7747e3a13318ed4fb74a7d55c4b8bfb7472faca675fd3beef

    • SSDEEP

      3072:UNHik9rOwkocfiYahVTZKblvK4xTGpGpyiaTa:UNBOwssTKvK4EpdT

    Score
    1/10
    behavioral7

    • Target

      .bash_history1/.kde/essyn

    • Size

      11KB

    • MD5

      6a5f21aee8579a08eb3bcac9826cc80e

    • SHA1

      b39a8422251e99e8c61427d94649ef743d57cd2f

    • SHA256

      fa4ed987ac7c63622134633308e1c3f1bb17d038a9fe459b77b70840c53ed528

    • SHA512

      fc69d107c7bc4cf990354e2b98be818ea8b381458809aedf04688f5746e26878a8545c0bc8117da880712f221fbbafe26f45428d21825a037a6e2b7659e1a689

    • SSDEEP

      192:GJdZBWkOpeIdGENzDZNV/20qZxX3wCSZp8by:+BWZ5NBNVSxX303

    Score
    1/10
    behavioral8

    • Target

      .bash_history1/.kde/f

    • Size

      8KB

    • MD5

      2554ffaedc5bf037383457e671f0baea

    • SHA1

      1ed59a0dc45d4b744df58999a18f987183b2e4ee

    • SHA256

      02eda65cd09f03855057c1e147b93f98d0f24f286e3b2aac5779ff6a007adf43

    • SHA512

      8a59d7449c007526adae1433798749657c2cf85db29bf8ecfb81946aa3ccd5a64dbc8b1dda41cadc175a3398faa3438af44bfa83d7074b7546b71b347dba9555

    • SSDEEP

      96:fNc16qcPdismTjQLSVB3LWaPflsNd9UqtmcyNVlC43uRm+Uw+4T1Ebr6ufhGP:fy+liDjQLSVzmd9UqtmcHbUDkGyO6

    Score
    1/10
    behavioral9

    • Target

      .bash_history1/.kde/f4

    • Size

      14KB

    • MD5

      88da5242d494a29f9307d93f003f7f1d

    • SHA1

      8238b054ea6eafd97898835052c7c01053a5c7b2

    • SHA256

      ceb82162527b1f4512a1b16f300dcb3bc4d377104dbc3f21b70bd32cd05b60f8

    • SHA512

      7c00235a4e1c14fe6912c87756848870175e23fc82971d7b7b5e1b542755bddcf52807fb9315bab58cbe9fe9ae705b908dd5358a842d6303f85c04eaf2f7a8de

    • SSDEEP

      192:fDqe0I8HAtnkvOa/t7O3A2VY3vdSehW9Zm0A372OaRcixRcg6o5S:fuLHCnkvOa1Cw38SMml2OaRBRyf

    Score
    1/10
    behavioral10

    • Target

      .bash_history1/.kde/g

    • Size

      11KB

    • MD5

      ae654b2b6d4a499ceda763d499103b79

    • SHA1

      dcbe1c0d60a81a70b331a8bece5d28dde285c105

    • SHA256

      947468732417577551d36c751177d906bfdc74760d60ba3aeb91aa3e844b5e4e

    • SHA512

      78b5e3689163598e0ddd69dbb9b0d7fc9e61a397bb50a360e9392c03710624710103ac0cb39e3d7aef974ee387eca198ce32252273f2e837291a6817e04e67ef

    • SSDEEP

      192:fZqtqsoXhRGmmyLQaZ0uEk0QTnyEFZ8SNjFxLa:fAtqxXhRGmmqdpWMxNju

    Score
    1/10
    behavioral11

    • Target

      .bash_history1/.kde/j

    • Size

      15KB

    • MD5

      de14a5a9a778b40e3cccb02816c0e52b

    • SHA1

      1527118dfa541b2aa99132a48bcde22f57d971e0

    • SHA256

      0c005d01baf704dd34a29b3cb5451cde3abcb6ef7a4226391870f30a7025feae

    • SHA512

      b356889b2e229849e348337256631c2e371bdc32cb676da6b74569823d8cd093c592cb00befc0580953b0f38347c605bdfd5d822b631a251b4b3859e1bbda959

    • SSDEEP

      192:fzl57Tat9Ipxt1jQWejNSwlw8r5Wxu3v3Zf15v2/PU0cxcRoxVFUlMH:fz6ApTt+jN68cu3v3Zf15v2/wx02

    Score
    1/10
    behavioral12

    • Target

      .bash_history1/.kde/j2

    • Size

      13KB

    • MD5

      3117eec5cff2a57ca1f153c89b32861b

    • SHA1

      2f40fb39d5082db49dbbfbf48a2b20fdb4a0946d

    • SHA256

      b42146142866b57b8fee8cc72239ed7bce3d7740d4a7cc9149153b88277cc2a4

    • SHA512

      91e51c3d5201046a2b06c27f2448876034d2edad026c7c39a70a47b06d67c8e0bebcda85b345225378e73570f1495dc168ef58200deb00a780d735b9a9ec7c33

    • SSDEEP

      384:fHxeLNSu9HTHkGvxWPwcHfoDfQIL38dXu:5PWHTHrvxI5gIILss

    Score
    1/10
    behavioral13

    • Target

      .bash_history1/.kde/killer

    • Size

      16KB

    • MD5

      872b14e3df135ad31cb34cee1a02d3a6

    • SHA1

      899f77e3306a333285c3c87116145c8963bfb1ed

    • SHA256

      edf5c123da41b9d8d8250889c97c85a57ae196d283593986c7e7038f2936d6a0

    • SHA512

      2cf2636fd4fd4386f14e610af4786b10c2fb2333b7fe73f12efd4f88de979a6e6412d72dbfd2e2fe4a53d97fee255eb142e01b0c110b9f7ded1fc6913f313632

    • SSDEEP

      384:f0PsZzHjFt8K8bu3v3Zf15v2/wNGyNFPXru:JZXFtN8bav3Zf15v2YNGcbu

    Score
    1/10
    behavioral14

    • Target

      .bash_history1/.kde/mech.help

    • Size

      22KB

    • MD5

      1874b6a425f02814977ab798b2e65f17

    • SHA1

      d952c8962d3dca6201a5c8a132b64b26ea38361c

    • SHA256

      2aee40e57f48a2181dc9939404126562e88ca6e6b17fc56767a09036daf38867

    • SHA512

      74a2318f3066db20f1a63ed2f85fc38570a664c115348de6890abbea67cc17d3db38059530fd1b7246b81b502bcec84154226115387d218c4b8d5d3fddd08a07

    • SSDEEP

      384:c8SjDq9C5YRsQE65trp8AUR7MTyoqSJNok:xKq9n2QE65tl8AUR7MTRxNok

    Score
    1/10
    behavioral15behavioral16

    • Target

      .bash_history1/.kde/run

    • Size

      31B

    • MD5

      34c7aff3f9663d34a2a3ffdd7ae10f04

    • SHA1

      e4f35badc6262b71a1819daa786a9f5e59e5d0df

    • SHA256

      a5d5ab278d252b617f2141fc3bd7ff62c2e4da5ba26d6513797b190c06a481ea

    • SHA512

      0b84afd05f212fad316252935bd475a4ca51c71d6e5c20972901c5bf010bdee1c68b8d96f970271e76cd3643e7f418411a618c2914ea213a98d878fe3e706765

    Score
    1/10
    behavioral17behavioral18behavioral19behavioral20

    • Target

      .bash_history1/.kde/s

    • Size

      14KB

    • MD5

      c24e82931367715c8597f05e5279bb0e

    • SHA1

      9d58bfb07d85483049f1d22bc02cfa3737706865

    • SHA256

      ed4b05a1d27bc71697f2e04f4584f80d31836e1c49fbe6701c4fcad64a9c591f

    • SHA512

      4a55f37fe3f83db989bb5c731ea2d21bbbb41081dc0b7df93b0f9b6b631408feab6cc747dfdc24cad59d8f660e3ba6ad51ace81599e8b42eee0ca04a6f1035b6

    • SSDEEP

      192:fX2JTP7k1E22X6HToyLJDOQc78JFJSNz8mWKNc/uPxNcj/EPASpP:fX2R27TvLJDOn78JFJkzlWKNpN+EP3

    Score
    1/10
    behavioral21

    • Target

      .bash_history1/.kde/sl

    • Size

      16KB

    • MD5

      a8b03eff9ba7e9b3d5176b1204c20a08

    • SHA1

      971b6f93b15c28dd72e8fdada7ddc0449b8bfeca

    • SHA256

      00f18bd9542e940377a4fb3711313d8f633bb96bbddd38579a9d8d7dd59320d1

    • SHA512

      d983905d23a4e99fd9586777b675121e2a6e7a42c32d477f95898cec92b8134f5811b469d458cd6d95c1c1d25e86439a56dd4c6a3279d13e51ccc1d65df6d6ce

    • SSDEEP

      384:fP05PnvcTrKngR88u3v3Zf15v2/w52XFdgo05:DrKgR88av3Zf15v2Y524o2

    Score
    1/10
    behavioral22

    • Target

      .bash_history1/.kde/ssyn

    • Size

      10KB

    • MD5

      ee1f1bd26982ea98460e6d04a27af91d

    • SHA1

      e83640a2e35ac5ad56c37d750ef086e2c179a84e

    • SHA256

      26cf286773b353cb9a4e36081aee5a445735ad2eecbdd4b9a242b043bffdd9c9

    • SHA512

      f2d79466338a36c5654bf4304487ae8a31e517a529faafa4080b7c117e1faba16f2027d879120c77a55387956b849ee1ed28c5a6d376184dfaf8e503f208723b

    • SSDEEP

      96:GuCC6TmEVcmjUw7Syetz5fO7MmW477jZwyikxNhy6GSShurMmkKaqTwis8fzGzhM:GbyzmjD7iQJx/yMShurMbqtb7kxb6

    Score
    1/10
    behavioral23

    • Target

      .bash_history1/.kde/start.sh

    • Size

      27B

    • MD5

      a224cfe19f43953d06432c7b7d2f17db

    • SHA1

      d09707b31621536a6641481980076c4a4a50f0e3

    • SHA256

      0ce922c5886e74bd29daf323e46789392b6b8f171893b976c7753d404aaf35be

    • SHA512

      d685ce6c3c455d5cdab347930d7b8e1b6823d231eed2502043393760df75e51b21d456ca1f8d6e288c7832d4a10c9fd10dedc24928a652a9d014fa97e3030495

    Score
    3/10
    behavioral24behavioral25

    • Target

      .bash_history1/.kde/std

    • Size

      14KB

    • MD5

      458bfb57bea37b400f135459068f8e82

    • SHA1

      34323bf56af2fc7105da5f64c1171aa28ebd5c4a

    • SHA256

      c81906d4fc30ef70deec4f3f25d8cc189953b2d41f03cd80dd66c3b02e5af522

    • SHA512

      5cf92159bde2ba9dfe2f1073e1b1dbde49083a4e666a9bfd4cce6557f4197e22249a185533016cfd9cd04ff25d6688959321af8e13f637e9d28eea7292a626ea

    • SSDEEP

      192:fgwUrURo3NxrWtyBcnfERKSYcN0j707Ygg3VcfpCVcG+mKeiMP:f44YNxaUBcnfeKSzawYrVGYV/RD9

    Score
    1/10
    behavioral26

    • Target

      .bash_history1/.kde/stealth

    • Size

      13KB

    • MD5

      4078e8f7ce154dbba1eaeffc83f5f172

    • SHA1

      01e8243774049339227da08a9823402df4b28750

    • SHA256

      bb56638e86bc3c9ae5b0c19ad6fa21a4a6f19e9d0320bd96c6568f39f8c7f840

    • SHA512

      eb0218ddde9bcfdcdde11fc7b24ed9f4e563f14fdb9dd65cd4306ce41e7a8310fa992950dbbb8579b6f965c99b6df48d90eb96da6edd2d013d677f6d9eea6df4

    • SSDEEP

      192:fPCKXJve3WLZrA0ygDnWxu3v3Zf15v22Pd0RVco7vfHWTFbe:flJWmWNgDOu3v3Zf15v22eVf7vf2E

    Score
    1/10
    behavioral27

    • Target

      .bash_history1/.kde/stream

    • Size

      8KB

    • MD5

      515e4b4b08dd8d4488516c9efdba9a8a

    • SHA1

      e2011b15fe673b40af2c72492d86214a5c9c917c

    • SHA256

      79d53e8d40b1e724a2940894a1b31ab51803782ae6bc6cf2abe90a8470ecffa1

    • SHA512

      a576e6a45b6f5a03c5c8331094dc128a054174a51acb0cff434b37cfc51f9ff10944a1abed817d86ece248483f68940d15ba04fc742c981344ec2cfcb01d1851

    • SSDEEP

      96:fDdKeZneTiF1+4rdfF1cgYI85HTI4RoS0SWOc6GIpYlioniweRR1hsngeuflG91:fhKeZeTi7+WOTI4N0SWOcwFR1hsvuS

    Score
    1/10
    behavioral28

    • Target

      .bash_history1/.kde/talk

    • Size

      15KB

    • MD5

      4818c54bfc182ef6c0f49ab35540fd18

    • SHA1

      e497ac83b176cf3f242d540f711fa7f9cf6127e2

    • SHA256

      26cbdee05a64f22127754988f6576f5f992c09bc2245f637f3738461d8a81224

    • SHA512

      bb5d7a6a340021be698641a75ac5f9837e1390d96535724c12a096e0c85ac62cd0ed24c749b6a11e51f3e6a75f1042ff211a21c1ebab6642fc8741e38360e0bf

    • SSDEEP

      192:fWxXcNfnsf088VlVtq///oetNwEJOH/hqB4gHHHH/JdcC8ksf0yk:fWQsftgVtC/wetNwt/IXdCo

    Score
    1/10
    behavioral29

    • Target

      .bash_history1/.kde/tty

    • Size

      6KB

    • MD5

      e99b9bf716695cdc826cd3e3b0f1b313

    • SHA1

      5d2ed29211c04e0941584e26c9e5ce858628451d

    • SHA256

      65e510d3ca296b51b8e028a59c921b15311173132af8c1acfb65f87dec1f848f

    • SHA512

      dcf0b5cc55887a1a99da458f7ab8e3480aa2c4bde2709a5b4da5fe29ff3536b0a686c9e9e275777735d3020aa34c369369667a346e61b38e73c2ef0b1d5e2f3c

    • SSDEEP

      96:fzBGCXW/AuT5XFUC9nAe9yBCpiof+ci4GFif436oWePSTbjgZMEVQhG2:fzokutVUC9nAe9yBC4of+cLXkST3R7n

    Score
    1/10
    behavioral30

    • Target

      .bash_history1/.kde/update

    • Size

      166B

    • MD5

      3c43473552c17749133d2977f6cba2a5

    • SHA1

      93b28dfbf07e849b8644ecde1be16adb3cd511e5

    • SHA256

      168f44675a3ed77fd2a6f5e43fb115257e9d2f8aa99a131628024f57812212d2

    • SHA512

      48cc10988e9d5b08de65cb00470ce8f6e09c131cfa5c2fc168fbb5dd7a781e60fb7a3edbeaa2ae8253538be78c793b44d4dca0c5f5e448ff6e52461eb94a7b06

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

botnetkaiten
Score
10/10

behavioral1

persistence
Score
6/10

behavioral2

persistence
Score
6/10

behavioral3

persistence
Score
6/10

behavioral4

persistence
Score
6/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10