Analysis Overview
Score
10/10
SHA256
533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745
Threat Level: Known bad
The file 533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745 was found to be: Known bad.
Malicious Activity Summary
Kaiten family
Detects Kaiten/Tsunami Payload
Detects Kaiten/Tsunami payload
Unexpected DNS network traffic destination
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2025-03-06 07:25
Signatures
Detects Kaiten/Tsunami Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Kaiten/Tsunami payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-06 07:25
Reported
2025-03-06 07:26
Platform
ubuntu2204-amd64-20240522.1-en
Max time kernel
33s
Max time network
35s
Command Line
[/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745]
Signatures
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 15.235.192.168 | N/A | N/A |
| Destination IP | 15.235.192.168 | N/A | N/A |
Processes
/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745
[/tmp/533c879314313e072c077ff5d595190add280090a0f1deff18db138efca99745]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ircx.us.to | udp |
| SG | 15.235.192.168:53 | ircx.us.to | tcp |
| US | 8.8.8.8:53 | ircxx.us.to | udp |
| SG | 15.235.192.168:53 | ircxx.us.to | tcp |
Files
N/A