General

  • Target

    irq0

  • Size

    605KB

  • Sample

    241020-jktaksyerq

  • MD5

    8d4a6b005fe1b8b6ab08ac9501a13110

  • SHA1

    ac3449f4ff85338a4cc99581070f358fb30ce1a1

  • SHA256

    a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13

  • SHA512

    7214699e67d101a6fb15e9a7571de1541480818bd399a6e26d018dd22ba33e8d8ebc42c2e7ba62b5268e595658eb57a7be744dee790cbeff71b7f18f9704bb84

  • SSDEEP

    12288:To2aovPAC2u24h68Qugl3qCiJ7o6xt95DujbUjWWkGHnon3MYNBEEx9IRXa:8IvPAC2utTQug7iJ7oOtO3UjLkConLfx

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Indicator Removal: Timestomp

      Adversaries may remove indicators of compromise from the host to evade detection.

MITRE ATT&CK Enterprise v15

Tasks