Analysis
-
max time kernel
1s -
max time network
132s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
08-11-2024 11:36
General
-
Target
.systemd/.x86_64
-
Size
184KB
-
MD5
92dc30d449f563a5bdbba08d4a9d57fc
-
SHA1
ff609eed2df786396203a8806400566df079cc7f
-
SHA256
86db0330a233efe6e11f944833f9e9b7472d7f34595cf693f001d99df641513b
-
SHA512
573fa375ddcb6a49690f5168d791af2529a89233d3bf0ff50c2b88686c27e4cef59432e0f6ae71745fecfa2657c23248ad33ea50ac8b9f1c96721f38e3325097
-
SSDEEP
3072:JRuD2higiW5WdO4VgJYmntSxu23Ea8qxop/bW448wod7XSUdq7:JE6igifdlcYmtSb3d8qGjNHSQg
Score
10/10
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 1 IoCs
-
Detects Kaiten/Tsunami payload 1 IoCs
-
Kaiten family
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/.systemd/.x86_64/tmp/.systemd/.x86_641⤵
- Reads runtime system information
- Writes file to tmp directory