General
- Target: 749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c
- Size: 515KB
- Sample: 241027-r6yq7awmhm
- MD5: 0a1b377a36e48b5a59d7cc3327c5a2d9
- SHA1: 76bc8feded70c1e72b828aed8c9087dcebf97886
- SHA256: 749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c
- SHA512: acf3efc430d95eb2fc67e78e8a4fad597b7199e63425d4f4e951ab2d85b5b855cf3963b1d84b855126215745c7c1986c55d397f35f1ba2a109d0e84b76fcadd1
- SSDEEP: 12288:IZ/Q8mhPZBXybwIIdQLAxCnNXsUKpH0fyXNGqvZ48B8dfQwD26N:4I8oxBL7+MxGCp5zR468pQe
- Static task: static1
- Behavioral task: behavioral1
- Sample: 749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c
- Resource: debian12-mipsel-20240221-en
Malware Config
Targets
- Detects Kaiten/Tsunami Payload
- Kaiten family
- Contacts a large (878) number of remote hosts
  This may indicate a network scan to discover remotely running services.
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use them in password cracking.
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuses sudo or cached sudo credentials to execute code.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Indicator Removal: Timestomp
  Adversaries may remove indicators of compromise from the host to evade detection.