General

  • Target

    fd7fd7591a29ce6018b5739e56db30f81843d3740dff20d93fe9e9c65faf6081.zip

  • Size

    1.6MB

  • Sample

    250327-zcw99sxxev

  • MD5

    25e769e65ce1cc7a0f1b00309c8cfc8c

  • SHA1

    bcd095a80369a1da3921b8d4c4021bcfd487ec1c

  • SHA256

    fd7fd7591a29ce6018b5739e56db30f81843d3740dff20d93fe9e9c65faf6081

  • SHA512

    e30ee7cd1ddc93da578dc230de70a45509de253d873a308aee2a110ea3db37a26a188b0bcd5e3ab983e13bf1b8c5dd7ceade6ae63b405d9b400a3cdbf7e9baa3

  • SSDEEP

    24576:mMtqO/ohXqYCma6jxpn8xgjEUp+86XVCotiqFEe5MW36dqR1qsqzL37QBuiL5yOV:+hkYj8AJp+8OVCot/n5H7q33rO9/

Malware Config

Targets

    • Target

      b666cd08b065132235303727f2d77997a30355ae0e5b557cd08d41c9ade7622d.elf

    • Size

      1.8MB

    • MD5

      c4fb78194bee0c53c86765f40bc3f674

    • SHA1

      a59fd4626ddf91333b4a857fb12f3845f42cd774

    • SHA256

      b666cd08b065132235303727f2d77997a30355ae0e5b557cd08d41c9ade7622d

    • SHA512

      5fde5f8612966c925b850f854b305daf2e3e89e356744509e63d307b69f428d86b77b2045d8989a626da641a3a3c98ecd6a36763d5d6ce3f4851099820eb9329

    • SSDEEP

      24576:5EBishE1l8Z/TgXuNuEAdOFD13cdl4FDeawbYxWgkJ7+WzhmV7ZVnkjAZ6bp8bUN:JsSg+UZGihabbwWgo+whmVN9Z6ObUr5

    Score
    10/10
    • Detects Kaiten/Tsunami Payload

    • Detects Kaiten/Tsunami payload

    • Kaiten family

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Runs EXE from memory

      Runs an executable from memory, likely to minimize its on-disk footprint.

MITRE ATT&CK Enterprise v15

Tasks