kaiten | da0a6ccf8853a783f0ca2883b018add1b7743ed1730d7240eb131fdca61beead | Triage

Sharing

General

Target

411359b108b7250c1fe9c2a597b326b1_JaffaCakes118
Size

576KB
Sample

240729-mngmqsybnd
MD5

411359b108b7250c1fe9c2a597b326b1
SHA1

38d95e93e9048b0126dcbbb7851c2fdbf99ae5b3
SHA256

da0a6ccf8853a783f0ca2883b018add1b7743ed1730d7240eb131fdca61beead
SHA512

ba54733629cadaada5056446a8fa562a34055eae7d75088893922ce8f2a70b86cb90dd5a5763d4f54d95438a2aed0cccd943789f66eb62c781018ca5c6613986
SSDEEP

12288:yxowMBurLdk/jiCQwnJdhYn8Gdz5/e/J+DljNRazOni:yvRrIjDQwnJbYrdzMJMAzOi

Score

10^/10

kaiten botnet persistence

Malware Config

Targets

- Target
  
  411359b108b7250c1fe9c2a597b326b1_JaffaCakes118
- Size
  
  576KB
- MD5
  
  411359b108b7250c1fe9c2a597b326b1
- SHA1
  
  38d95e93e9048b0126dcbbb7851c2fdbf99ae5b3
- SHA256
  
  da0a6ccf8853a783f0ca2883b018add1b7743ed1730d7240eb131fdca61beead
- SHA512
  
  ba54733629cadaada5056446a8fa562a34055eae7d75088893922ce8f2a70b86cb90dd5a5763d4f54d95438a2aed0cccd943789f66eb62c781018ca5c6613986
- SSDEEP
  
  12288:yxowMBurLdk/jiCQwnJdhYn8Gdz5/e/J+DljNRazOni:yvRrIjDQwnJbYrdzMJMAzOi
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

kaitenbotnetpersistence