Analysis

  • max time kernel
    13s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240508-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    17-05-2024 14:14

General

  • Target

    4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118

  • Size

    184KB

  • MD5

    4ff3ba68d0f154e98222bad4daf0f253

  • SHA1

    8e59befc2f2a78d6fc2dd0f6f1f0fd3fc6e396cf

  • SHA256

    831fdc9efbb3c07eb6383ce1756eee0ad10559ff4caf9ea5603e3e5b35517bbb

  • SHA512

    a9cbc15ed313e222d036666b95728046287e6d6e52a41b713fe3c7cb7abfaa7c8f053a4140eac82eb209ebce34777fcce855925d826676cbd4210abaa620d94d

  • SSDEEP

    3072:0qPAv7XZZT1tzVKrpxxrvOnZ6aDMynKHBZbYe1S1+Oyr+t9wbt+h/V6JxHvQBqNG:0Lv7XZZT1tRohbaMyKHBZbYeI0yt9iO/

Score
10/10

Malware Config

Signatures

  • Detects Kaiten/Tsunami Payload 1 IoCs
  • Detects Kaiten/Tsunami payload 1 IoCs
  • Kaiten/Tsunami

    Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.
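
As an added example (not part of the sandbox report or the sandbox vendor's own signature code): a small Python triage script that approximates the two behavioural signatures above over strace-style syscall lines, and checks a sample's digests against the hashes in the General section. The trace lines are constructed for illustration, and the matching rules are an assumption of mine: any open() or openat() of a path under /proc counts as "Reads runtime system information", and any open with a write or create flag, or a creat(), of a path under /tmp counts as "Writes file to tmp directory". A read-only open under /tmp deliberately does not fire.

```python
import hashlib
import re

# Digests published in the report's General section. Used to confirm that the
# file in hand is the same one the sandbox analysed before trusting the verdict.
REPORT_HASHES = {
    "md5": "4ff3ba68d0f154e98222bad4daf0f253",
    "sha1": "8e59befc2f2a78d6fc2dd0f6f1f0fd3fc6e396cf",
    "sha256": "831fdc9efbb3c07eb6383ce1756eee0ad10559ff4caf9ea5603e3e5b35517bbb",
    "sha512": "a9cbc15ed313e222d036666b95728046287e6d6e52a41b713fe3c7cb7abfaa7c"
              "8f053a4140eac82eb209ebce34777fcce855925d826676cbd4210abaa620d94d",
}


def hash_matches(data):
    """Hash the sample bytes and say, per algorithm, whether it matches the report."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == digest
        for name, digest in REPORT_HASHES.items()
    }


# strace prints e.g.:
#   openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY) = 3
#   open("/tmp/.x", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
#   creat("/tmp/.pid", 0644) = 5
# An optional "[pid N] " prefix appears when tracing with -f.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?(?:open|openat)\((?:AT_FDCWD,\s*)?'
    r'"(?P<path>[^"]*)",\s*(?P<flags>[A-Z_|]+)'
)
CREAT_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+)?creat\("(?P<path>[^"]*)"')

# Flags that mean the file may be written or created (assumed rule, see lead-in).
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT"}

SIG_PROC = "Reads runtime system information"
SIG_TMP = "Writes file to tmp directory"


def _under(path, root):
    return path == root or path.startswith(root + "/")


def classify(line):
    """Return the set of signature names one strace line triggers."""
    line = line.strip()
    hits = set()
    m = CREAT_RE.match(line)
    if m:
        if _under(m.group("path"), "/tmp"):
            hits.add(SIG_TMP)
        return hits
    m = OPEN_RE.match(line)
    if not m:
        return hits
    path = m.group("path")
    flags = set(m.group("flags").split("|"))
    if _under(path, "/proc"):
        hits.add(SIG_PROC)
    if _under(path, "/tmp") and flags & WRITE_FLAGS:
        hits.add(SIG_TMP)
    return hits


def triage(lines):
    """Aggregate a trace into signature name -> list of the lines (IoCs) that fired it."""
    report = {}
    for line in lines:
        for sig in classify(line):
            report.setdefault(sig, []).append(line.strip())
    return report


# Constructed sample trace (not captured from the real sample).
SAMPLE_TRACE = """\
execve("/tmp/sample", ["/tmp/sample"], 0x7ffd2a1c3e40 /* 10 vars */) = 0
openat(AT_FDCWD, "/proc/self/stat", O_RDONLY) = 3
read(3, "1485 (sample) R 1 1485 1485 0 -1", 4096) = 32
openat(AT_FDCWD, "/tmp/.lock", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
creat("/tmp/.pid", 0644) = 5
openat(AT_FDCWD, "/tmp/.lock", O_RDONLY) = 6
open("/etc/hosts", O_RDONLY) = 7
"""

if __name__ == "__main__":
    for sig, iocs in triage(SAMPLE_TRACE.splitlines()).items():
        print(f"{sig} ({len(iocs)} IoCs)")
        for ioc in iocs:
            print("   ", ioc)
    print(hash_matches(b"not the analysed sample"))
```

Feed it `strace -f -e trace=open,openat,creat -o trace.txt ./sample` output from your own sandbox; the PID prefix from `-f` is tolerated. The hash check is the first thing to run: a JaffaCakes118-style renamed file is only the reported sample if all four digests agree.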

Processes

  • /tmp/4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118
    Command line: /tmp/4ff3ba68d0f154e98222bad4daf0f253_JaffaCakes118
    PID: 1485
    Signatures triggered:
    • Reads runtime system information
    • Writes file to tmp directory

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1485-1-0x00007f497d977000-0x00007f497d98b760-memory.dmp