General

  • Target

    749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c

  • Size

    515KB

  • Sample

    241027-r46c9aydjc

  • MD5

    0a1b377a36e48b5a59d7cc3327c5a2d9

  • SHA1

    76bc8feded70c1e72b828aed8c9087dcebf97886

  • SHA256

    749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c

  • SHA512

    acf3efc430d95eb2fc67e78e8a4fad597b7199e63425d4f4e951ab2d85b5b855cf3963b1d84b855126215745c7c1986c55d397f35f1ba2a109d0e84b76fcadd1

  • SSDEEP

    12288:IZ/Q8mhPZBXybwIIdQLAxCnNXsUKpH0fyXNGqvZ48B8dfQwD26N:4I8oxBL7+MxGCp5zR468pQe

Malware Config

Targets

    • Target

      749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c

    • Size

      515KB

    • MD5

      0a1b377a36e48b5a59d7cc3327c5a2d9

    • SHA1

      76bc8feded70c1e72b828aed8c9087dcebf97886

    • SHA256

      749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c

    • SHA512

      acf3efc430d95eb2fc67e78e8a4fad597b7199e63425d4f4e951ab2d85b5b855cf3963b1d84b855126215745c7c1986c55d397f35f1ba2a109d0e84b76fcadd1

    • SSDEEP

      12288:IZ/Q8mhPZBXybwIIdQLAxCnNXsUKpH0fyXNGqvZ48B8dfQwD26N:4I8oxBL7+MxGCp5zR468pQe

    • Detects Kaiten/Tsunami Payload

    • Kaiten family

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Indicator Removal: Timestomp

      Adversaries may remove indicators of compromise from the host to evade detection.

MITRE ATT&CK Enterprise v15

Tasks