General

  • Target

    irq2.elf

  • Size

    515KB

  • Sample

    241022-tj3gzatbkh

  • MD5

    2ad737fb9e6ce08a164ddb8386f19b16

  • SHA1

    86e87501edbdb8b6ee6ada9497ba2b62d741decc

  • SHA256

    8e9cd77c31ba14b925208fa5e3d9f5675909f0a5ebc2399bdd9e36279314abd1

  • SHA512

    068f4f7659c1d29ac0a6510e591100fba7fa1ffc445db21ce6487d77c8b34370fce3a24b4e9ff18b8910757123f593342dd80e473c0e337e7fa504eb3a13754f

  • SSDEEP

    12288:v/J7M48SdpPK0RkLbZLn4nQdVV05tXqozEpwK9:HplxmLbJ4sY5tlzuv

Malware Config

Targets

    • Target

      irq2.elf

    • Size

      515KB

    • MD5

      2ad737fb9e6ce08a164ddb8386f19b16

    • SHA1

      86e87501edbdb8b6ee6ada9497ba2b62d741decc

    • SHA256

      8e9cd77c31ba14b925208fa5e3d9f5675909f0a5ebc2399bdd9e36279314abd1

    • SHA512

      068f4f7659c1d29ac0a6510e591100fba7fa1ffc445db21ce6487d77c8b34370fce3a24b4e9ff18b8910757123f593342dd80e473c0e337e7fa504eb3a13754f

    • SSDEEP

      12288:v/J7M48SdpPK0RkLbZLn4nQdVV05tXqozEpwK9:HplxmLbJ4sY5tlzuv

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Indicator Removal: Timestomp

      Adversaries may remove indicators of compromise from the host to evade detection.

MITRE ATT&CK Enterprise v15

Tasks