kaiten | 317806eaebb1cec9ddb962ef7fa19ee0673a67db3a8c7d650d76885041031ce8

Submit
Reports

Overview

overview

Static

static

SugarLogic...AWS.sh

ubuntu-18.04-amd64

SugarLogic...AWS.sh

debian-9-armhf

SugarLogic...AWS.sh

debian-9-mips

SugarLogic...AWS.sh

debian-9-mipsel

SugarLogic...nge.sh

ubuntu-18.04-amd64

SugarLogic...nge.sh

debian-9-armhf

SugarLogic...nge.sh

debian-9-mips

SugarLogic...nge.sh

debian-9-mipsel

SugarLogic...tup.sh

windows7-x64

SugarLogic...tup.sh

windows10-2004-x64

SugarLogic...bot.sh

windows7-x64

SugarLogic...bot.sh

windows10-2004-x64

SugarLogic...d_2.sh

ubuntu-18.04-amd64

SugarLogic...d_2.sh

debian-9-armhf

SugarLogic...d_2.sh

debian-9-mips

SugarLogic...d_2.sh

debian-9-mipsel

SugarLogic...oit.sh

windows7-x64

SugarLogic...oit.sh

windows10-2004-x64

SugarLogic...arch64

ubuntu-18.04-amd64

SugarLogic...arch64

debian-9-armhf

SugarLogic...arch64

debian-9-mips

SugarLogic...arch64

debian-9-mipsel

SugarLogic...x86_64

ubuntu-22.04-amd64

SugarLogic.../bot_u

ubuntu-22.04-amd64

SugarLogic...en2.sh

ubuntu-18.04-amd64

SugarLogic...en2.sh

debian-9-armhf

SugarLogic...en2.sh

debian-9-mips

SugarLogic...en2.sh

debian-9-mipsel

SugarLogic...cap.so

ubuntu-22.04-amd64

SugarLogic.../mo.sh

ubuntu-18.04-amd64

SugarLogic.../mo.sh

debian-9-armhf

SugarLogic.../mo.sh

debian-9-mips

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
29-12-2024 23:10

Sharing

Copy URL

Twitter E-mail

Static task

static1

7 signatures

Behavioral task

behavioral1

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

ubuntu1804-amd64-20240611-en

antivm discovery evasion

ubuntu-18.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-armhf-20240611-en

antivm discovery evasion

debian-9-armhf

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-mipsbe-20240418-en

antivm defense_evasion discovery evasion

debian-9-mips

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/AWS.sh

Resource

debian9-mipsel-20240729-en

antivm defense_evasion discovery evasion

debian-9-mipsel

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

ubuntu1804-amd64-20240611-en

discovery

ubuntu-18.04-amd64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-armhf-20240729-en

antivm discovery

debian-9-armhf

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-mipsbe-20240611-en

discovery

debian-9-mips

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

Resource

debian9-mipsel-20240611-en

discovery

debian-9-mipsel

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.XMR.tmp.Setup.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral10

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.XMR.tmp.Setup.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.put.the.bot.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral12

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes.put.the.bot.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

ubuntu1804-amd64-20240508-en

defense_evasion discovery persistence

ubuntu-18.04-amd64

10 signatures

150 seconds

Behavioral task

behavioral14

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-armhf-20240611-en

antivm defense_evasion discovery execution persistence

debian-9-armhf

13 signatures

150 seconds

Behavioral task

behavioral15

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-mipsbe-20240611-en

credential_access defense_evasion discovery execution persistence

debian-9-mips

16 signatures

150 seconds

Behavioral task

behavioral16

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/Kubernetes_root_PayLoad_2.sh

Resource

debian9-mipsel-20240729-en

credential_access defense_evasion discovery execution persistence

debian-9-mipsel

16 signatures

150 seconds

Behavioral task

behavioral17

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/MountSshExploit.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral18

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/MountSshExploit.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-armhf-20240611-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/aarch64

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/TNTb/x86_64

Resource

ubuntu2204-amd64-20240522.1-en

kaiten botnet discovery

ubuntu-22.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral24

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/bot_u

Resource

ubuntu2204-amd64-20240611-en

kaiten botnet discovery

ubuntu-22.04-amd64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

ubuntu1804-amd64-20240729-en

ubuntu-18.04-amd64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-armhf-20240611-en

antivm discovery

debian-9-armhf

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-mipsbe-20240611-en

discovery

debian-9-mips

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

Resource

debian9-mipsel-20240418-en

discovery

debian-9-mipsel

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/libpcap.so

Resource

ubuntu2204-amd64-20240729-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

ubuntu1804-amd64-20240611-en

defense_evasion discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Behavioral task

behavioral31

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

debian9-armhf-20240611-en

antivm defense_evasion discovery

debian-9-armhf

9 signatures

150 seconds

Behavioral task

behavioral32

Sample

SugarLogic_#teamtnt_by_@r3dbU7z/mo.sh

Resource

debian9-mipsbe-20240611-en

xmrig xmrig_linux defense_evasion discovery miner persistence privilege_escalation

debian-9-mips

17 signatures

150 seconds

Report Analysis Logs

General

Target

SugarLogic_#teamtnt_by_@r3dbU7z/bot_u
Size

41KB
MD5

a00bbf635695b13c55e132ca2563755c
SHA1

26752d1733f9f7c67d5e0d088af032a6beed94d4
SHA256

5e1af7f4e6cf89cff44ee209399a9fab3bfd8f1ca9703fb54cee05cce2b16d4c
SHA512

0f9d29acce7b909ee46d3fb126f63d76be2f48521b66fc2598ecc796c6691f7995859c7916cad7e1af9dd4b499957e213a2468b41e636511e5ec659b185e533f
SSDEEP

768:Hj98GdqC5FO01I+ycmLoJNX8eDZXPx1+wak99nBQxnun5jFc8gPwIQ:e2du0zycJJN9BxkFk9Ixnun5jFc8iwr

Score

10^/10

kaiten botnet discovery

Malware Config

Signatures

Detects Kaiten/Tsunami Payload 1 IoCs

resource	yara_rule
behavioral24/memory/1564-1-0x0000000000400000-0x0000000000416f68-memory.dmp	family_kaiten2

Detects Kaiten/Tsunami payload 1 IoCs

resource	yara_rule
behavioral24/memory/1564-1-0x0000000000400000-0x0000000000416f68-memory.dmp	family_kaiten

Kaiten family
kaiten
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
botnet kaiten

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/exe	bot_u

Processes

/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/bot_u
"/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/bot_u"
1⤵
- Reads runtime system information
PID:1564

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads