General
-
Target
99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96.elf
-
Size
5.1MB
-
Sample
241028-dg9khayhqq
-
MD5
1a2806ff6c74b5c4c3cbe805c1d2cd6e
-
SHA1
2526156ca310c2beef1dadf7f51eb3a341894b97
-
SHA256
99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96
-
SHA512
7c9ce5dd1292bccd955981a58a88b4227f9c4ab6c1838d4c6483ae38e8f40c17f7a423c09f3ea965789cf2dbb1e8c6f9f6e99574f31111056c7379911fb96030
-
SSDEEP
49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhh+lYfQMcU1F1:OKY3U+qRxQ3qK3M
Behavioral task
behavioral1
Sample
99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96.elf
Resource
debian12-armhf-20240221-en
Malware Config
Extracted
kaiji
154.12.82.11:808
Targets
-
-
Target
99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96.elf
-
Size
5.1MB
-
MD5
1a2806ff6c74b5c4c3cbe805c1d2cd6e
-
SHA1
2526156ca310c2beef1dadf7f51eb3a341894b97
-
SHA256
99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96
-
SHA512
7c9ce5dd1292bccd955981a58a88b4227f9c4ab6c1838d4c6483ae38e8f40c17f7a423c09f3ea965789cf2dbb1e8c6f9f6e99574f31111056c7379911fb96030
-
SSDEEP
49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhh+lYfQMcU1F1:OKY3U+qRxQ3qK3M
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1