Malware Analysis Report

2025-04-03 09:54

Sample ID 250227-d1lb1strs3
Target 7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505.elf
SHA256 7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505
Tags
kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505

Threat Level: Known bad

The file 7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505.elf was found to be: Known bad.

Malicious Activity Summary

kaiten

Detects Kaiten/Tsunami Payload

Kaiten family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-02-27 03:28

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-27 03:28

Reported

2025-02-27 03:31

Platform

debian12-mipsel-20240221-en

Max time kernel

94s

Max time network

108s

Command Line

[/tmp/7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505.elf]

Signatures

N/A

Processes

/tmp/7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505.elf

[/tmp/7a44cf5e4f75ce61edc23828f21a542357e19ba66c70bd26b50bbce051382505.elf]

Network

Country Destination Domain Proto
RU 193.143.1.118:6667 tcp
AU 1.1.1.1:53 debian12-mipsel-20240221-en-4 udp
AU 1.1.1.1:53 debian12-mipsel-20240221-en-4 udp
AU 1.1.1.1:53 debian12-mipsel-20240221-en-4 udp
AU 1.1.1.1:53 debian12-mipsel-20240221-en-4 udp

Files

N/A