kaiten | 831fdc9efbb3c07eb6383ce1756eee0ad10559ff4caf9ea5603e3e5b35517bbb

Analysis

max time kernel
13s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17-05-2024 14:14

Target

4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118
Size

184KB
MD5

4ff3ba68d0f154e98222bad4daf0f253
SHA1

8e59befc2f2a78d6fc2dd0f6f1f0fd3fc6e396cf
SHA256

831fdc9efbb3c07eb6383ce1756eee0ad10559ff4caf9ea5603e3e5b35517bbb
SHA512

a9cbc15ed313e222d036666b95728046287e6d6e52a41b713fe3c7cb7abfaa7c8f053a4140eac82eb209ebce34777fcce855925d826676cbd4210abaa620d94d
SSDEEP

3072:0qPAv7XZZT1tzVKrpxxrvOnZ6aDMynKHBZbYe1S1+Oyr+t9wbt+h/V6JxHvQBqNG:0Lv7XZZT1tRohbaMyKHBZbYeI0yt9iO/

Score

10^/10

kaiten botnet

Detects Kaiten/Tsunami Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1485-1-0x00007f497d977000-0x00007f497d98b760-memory.dmp	family_kaiten2

Detects Kaiten/Tsunami payload 1 IoCs

resource	yara_rule
behavioral1/memory/1485-1-0x00007f497d977000-0x00007f497d98b760-memory.dmp	family_kaiten

Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
botnet kaiten

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/.ddr	4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118