Malware Analysis Report

2025-04-03 09:54

Sample ID 250306-h84ksasrs9
Target 533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745
SHA256 533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745
Tags
kaiten
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745

Threat Level: Known bad

The file 533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745 was found to be: Known bad.

Malicious Activity Summary

kaiten

Kaiten family

Detects Kaiten/Tsunami Payload

Detects Kaiten/Tsunami payload

Unexpected DNS network traffic destination

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-03-06 07:25

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-06 07:25

Reported

2025-03-06 07:26

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

33s

Max time network

35s

Command Line

[/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745]

Signatures

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 15.235.192.168 N/A N/A
Destination IP 15.235.192.168 N/A N/A

Processes

/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745

[/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ircx.us.to udp
SG 15.235.192.168:53 ircx.us.to tcp
US 8.8.8.8:53 ircxx.us.to udp
SG 15.235.192.168:53 ircxx.us.to tcp

Files

N/A