kaiten | 317806eaebb1cec9ddb962ef7fa19ee0673a67db3a8c7d650d76885041031ce8

Submit
Reports

Overview

overview

Static

static

SugarLogic...AWS.sh

ubuntu-18.04-amd64

SugarLogic...AWS.sh

debian-9-armhf

SugarLogic...AWS.sh

debian-9-mips

SugarLogic...AWS.sh

debian-9-mipsel

SugarLogic...nge.sh

ubuntu-18.04-amd64

SugarLogic...nge.sh

debian-9-armhf

SugarLogic...nge.sh

debian-9-mips

SugarLogic...nge.sh

debian-9-mipsel

SugarLogic...tup.sh

windows7-x64

SugarLogic...tup.sh

windows10-2004-x64

SugarLogic...bot.sh

windows7-x64

SugarLogic...bot.sh

windows10-2004-x64

SugarLogic...d_2.sh

ubuntu-18.04-amd64

SugarLogic...d_2.sh

debian-9-armhf

SugarLogic...d_2.sh

debian-9-mips

SugarLogic...d_2.sh

debian-9-mipsel

SugarLogic...oit.sh

windows7-x64

SugarLogic...oit.sh

windows10-2004-x64

SugarLogic...arch64

ubuntu-18.04-amd64

SugarLogic...arch64

debian-9-armhf

SugarLogic...arch64

debian-9-mips

SugarLogic...arch64

debian-9-mipsel

SugarLogic...x86_64

ubuntu-22.04-amd64

SugarLogic.../bot_u

ubuntu-22.04-amd64

SugarLogic...en2.sh

ubuntu-18.04-amd64

SugarLogic...en2.sh

debian-9-armhf

SugarLogic...en2.sh

debian-9-mips

SugarLogic...en2.sh

debian-9-mipsel

SugarLogic...cap.so

ubuntu-22.04-amd64

SugarLogic.../mo.sh

ubuntu-18.04-amd64

SugarLogic.../mo.sh

debian-9-armhf

SugarLogic.../mo.sh

debian-9-mips

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
29-12-2024 23:10

Sharing

Copy URL

Twitter E-mail

Static task

static1

7 signatures

Behavioral task

behavioral1

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

ubuntu1804-amd64-20240611-en

antivm discovery evasion

ubuntu-18.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-armhf-20240611-en

antivm discovery evasion

debian-9-armhf

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-mipsbe-20240418-en

antivm defense_evasion discovery evasion

debian-9-mips

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-mipsel-20240729-en

antivm defense_evasion discovery evasion

debian-9-mipsel

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

ubuntu1804-amd64-20240611-en

discovery

ubuntu-18.04-amd64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-armhf-20240729-en

antivm discovery

debian-9-armhf

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-mipsbe-20240611-en

discovery

debian-9-mips

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-mipsel-20240611-en

discovery

debian-9-mipsel

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.XMR.tmp.Setup.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral10

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.XMR.tmp.Setup.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.put.the.bot.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral12

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.put.the.bot.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

ubuntu1804-amd64-20240508-en

defense_evasion discovery persistence

ubuntu-18.04-amd64

10 signatures

150 seconds

Behavioral task

behavioral14

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-armhf-20240611-en

antivm defense_evasion discovery execution persistence

debian-9-armhf

13 signatures

150 seconds

Behavioral task

behavioral15

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-mipsbe-20240611-en

credential_access defense_evasion discovery execution persistence

debian-9-mips

16 signatures

150 seconds

Behavioral task

behavioral16

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-mipsel-20240729-en

credential_access defense_evasion discovery execution persistence

debian-9-mipsel

16 signatures

150 seconds

Behavioral task

behavioral17

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/MountSshExploit.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral18

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/MountSshExploit.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-armhf-20240611-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/x86_64

Resource

ubuntu2204-amd64-20240522.1-en

kaiten botnet discovery

ubuntu-22.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral24

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/bot_u

Resource

ubuntu2204-amd64-20240611-en

kaiten botnet discovery

ubuntu-22.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

ubuntu1804-amd64-20240729-en

ubuntu-18.04-amd64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-armhf-20240611-en

antivm discovery

debian-9-armhf

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-mipsbe-20240611-en

discovery

debian-9-mips

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-mipsel-20240418-en

discovery

debian-9-mipsel

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/libpcap.so

Resource

ubuntu2204-amd64-20240729-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

ubuntu1804-amd64-20240611-en

defense_evasion discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Behavioral task

behavioral31

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

debian9-armhf-20240611-en

antivm defense_evasion discovery

debian-9-armhf

9 signatures

150 seconds

Behavioral task

behavioral32

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

debian9-mipsbe-20240611-en

xmrig xmrig_linux defense_evasion discovery miner persistence privilege_escalation

debian-9-mips

17 signatures

150 seconds

Report Analysis Logs

General

Target

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/x86_64
Size

41KB
MD5

bdb404a243e374cda8948a5480f263e6
SHA1

98bea07044c2a756f5179b8bc776971f9a03b7db
SHA256

33c8591edd61c6e968e727683a63fba0352b5b6b59a0b3005628c38848dd7dd3
SHA512

6d6ce4f156e3250965bf9b445be968967f8c5a596448ad1b8d41a189d28e9d4aa8fe8a32d8a0ad5956c020629b7401c705117832f48058bac071c7bb37e1ab62
SSDEEP

768:Yjo7npPeMEjUJ5xOcT8Pv2jwLME7ruzcKpV8gDfb7wIP:9p2MEjb/+jEucY17XwA

Score

10^/10

kaiten botnet discovery

Malware Config

Signatures

Detects Kaiten/Tsunami Payload 1 IoCs

resource	yara_rule
behavioral23/memory/1555-1-0x0000000000400000-0x0000000000416f68-memory.dmp	family_kaiten2

Detects Kaiten/Tsunami payload 1 IoCs

resource	yara_rule
behavioral23/memory/1555-1-0x0000000000400000-0x0000000000416f68-memory.dmp	family_kaiten

Kaiten family
kaiten
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
botnet kaiten

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/exe	x86_64

Processes

/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/x86_64
"/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/x86_64"
1⤵
- Reads runtime system information
PID:1555

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads