kaiji | 78e31c6e830ed62a38c210114ef5d3be2c13965e04affda1cc8c73d8646670d1 | Triage

Sharing

General

Target

78e31c6e830ed62a38c210114ef5d3be2c13965e04affda1cc8c73d8646670d1.elf
Size

5.6MB
Sample

241012-phmynsvaqj
MD5

e7832e0074f1afe1362f1e8d5d55bec3
SHA1

6b3720bd59c8729210153b9e5360f5e7f9be73b0
SHA256

78e31c6e830ed62a38c210114ef5d3be2c13965e04affda1cc8c73d8646670d1
SHA512

0aa8179617ad0ac5528517bd04ecc9f43c828ffe9389e9d081d2f6b50c2b5bd9ae35c50211f20a7aed475dd678a741f0e825db7477705dc2266a4daa131b82ee
SSDEEP

98304:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iW5ay5mIOX+aaNcc8pNkxXkz8xBs3K4HUe:yC91hAFxvW6WGVqq7g3JDCg76dAuE8i5

Score

10^/10

kaiji defense_evasion discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  78e31c6e830ed62a38c210114ef5d3be2c13965e04affda1cc8c73d8646670d1.elf
- Size
  
  5.6MB
- MD5
  
  e7832e0074f1afe1362f1e8d5d55bec3
- SHA1
  
  6b3720bd59c8729210153b9e5360f5e7f9be73b0
- SHA256
  
  78e31c6e830ed62a38c210114ef5d3be2c13965e04affda1cc8c73d8646670d1
- SHA512
  
  0aa8179617ad0ac5528517bd04ecc9f43c828ffe9389e9d081d2f6b50c2b5bd9ae35c50211f20a7aed475dd678a741f0e825db7477705dc2266a4daa131b82ee
- SSDEEP
  
  98304:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iW5ay5mIOX+aaNcc8pNkxXkz8xBs3K4HUe:yC91hAFxvW6WGVqq7g3JDCg76dAuE8i5
Score

7^/10

defense_evasion discovery persistence privilege_escalation
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation