General

  • Target

    3ca9a2b5bc58b34deab4225800c3c40c_JaffaCakes118

  • Size

    37KB

  • Sample

    240729-jr9k5stcme

  • MD5

    3ca9a2b5bc58b34deab4225800c3c40c

  • SHA1

    85e43d03e910d82cc37bdb515f01cc9f84590620

  • SHA256

    4322bae804c3f54909eb1e40a7ae9761c1ec463c5e4cee3c8a9bc8bb99046a47

  • SHA512

    3cd4a2d720e0dcf52eab3a99fa17ab3dee79d54a6fdd09191745f918e4ea6010b759fd0e6adb3816c9b0ce9f597ad362483badccf075fd8b2197af9087990f78

  • SSDEEP

    768:ipVE+UDsfbPCc3e6y5817dYhnFovuJTlsTZK2zhmBbo3U4:ipPZTdb68FdYFoWFlsVK2zhM2

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks