General

  • Target

    2a02cf799a0231ff1faf3f5a02f4399fbe4492f0d68081e27f93c181b37731f1

  • Size

    510KB

  • Sample

    241020-jmcevayfnr

  • MD5

    5d75670fdc5531ef09ec12de7fa8ab34

  • SHA1

    8695057628cf9a12f97e260694dbfc50138cf0dd

  • SHA256

    2a02cf799a0231ff1faf3f5a02f4399fbe4492f0d68081e27f93c181b37731f1

  • SHA512

    6fd21a9554f00e4ab77401048a6a6361b1aa0c991ddfdd8a2b4938f4f95690dbd62c5c3b56b819fce10c0953a56a2e99d7d618778f269c5dd496e87ee7c91ea1

  • SSDEEP

    12288:6N/85i/pHqAyIJQenHqDsOnXRQI6Z6udA56hsrIr5H+NIG/:oQcpKLK7oan7d00r5eX

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Indicator Removal: Timestomp

      Adversaries may remove indicators of compromise from the host to evade detection.

MITRE ATT&CK Enterprise v15

Tasks