Analysis

  • max time kernel
    1s
  • max time network
    131s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    10-12-2024 06:45

General

  • Target

    .x86_64

  • Size

    184KB

  • MD5

    92dc30d449f563a5bdbba08d4a9d57fc

  • SHA1

    ff609eed2df786396203a8806400566df079cc7f

  • SHA256

    86db0330a233efe6e11f944833f9e9b7472d7f34595cf693f001d99df641513b

  • SHA512

    573fa375ddcb6a49690f5168d791af2529a89233d3bf0ff50c2b88686c27e4cef59432e0f6ae71745fecfa2657c23248ad33ea50ac8b9f1c96721f38e3325097

  • SSDEEP

    3072:JRuD2higiW5WdO4VgJYmntSxu23Ea8qxop/bW448wod7XSUdq7:JE6igifdlcYmtSb3d8qGjNHSQg

Score
10/10

Malware Config

Signatures

  • Detects Kaiten/Tsunami Payload 1 IoCs
  • Detects Kaiten/Tsunami payload 1 IoCs
  • Kaiten family
  • Kaiten/Tsunami

    Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.x86_64
    /tmp/.x86_64
    1⤵
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1599

Network

MITRE ATT&CK Matrix
