General

  • Target

    3936778a15adee92bd18a953d54d651dcaf3338acd2111c4fcbffc4fee6efc26.elf

  • Size

    5.1MB

  • Sample

    240418-bmldraeg95

  • MD5

    dd34186278f3e6477ae906b9e7f8d744

  • SHA1

    db8da33e042487c183e657ad579bc038402b8862

  • SHA256

    3936778a15adee92bd18a953d54d651dcaf3338acd2111c4fcbffc4fee6efc26

  • SHA512

    eb96994f38c1b62169eec11bb20bc1c308d9a89508c3ad4b261db4835ecc57b65cb630f744988fe091c3c76c273223c25272a716fc52a8dba55ec8d1d4a73149

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVyrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXq0

Score
10/10

Malware Config

Extracted

  • Family

    kaiji

  • C2

    ss.02maill.com:1920

Targets

    • Target

      3936778a15adee92bd18a953d54d651dcaf3338acd2111c4fcbffc4fee6efc26.elf

    • Kaiji

      Kaiji payload

    • kaiji_chaosbot

      Chaos-variant payload

    • Changes its process name

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the watchdog timer to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Reads CPU attributes

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15