General
-
Target
a2e0241dceb36d1b79593b0fa1326773.bin
-
Size
2.1MB
-
Sample
241029-b2lm3azmak
-
MD5
30c70a4a957904b19a46e3a7c70adbe9
-
SHA1
6bee255a5a798ad2c0d5818daa2f030ddde54954
-
SHA256
d1f0fb4fe056464b73e5d0c1d71e1cd479aa03abffb39b7194db7847d23e356d
-
SHA512
e8dfc78e5c24f8e3b9a480bc1508f21ee2756ca36bcaf7a42064f89d195b58bab5f4cd1e5388b14ea8b54da82fedb053bc59aacdd696bfcd12e1b4695a8a7ea3
-
SSDEEP
49152:ycA+xKRe0D6VL8EXBn/yhJ7cKPcRps0rT2lnKvQPnhZaujBmlm9:hxKR9DOAERqPcRph0+ChZAla
Behavioral task
behavioral1
Sample
82711d6427c929a1f0d6524128b25904ecc675afdc2ee20a77081323b6242e73.elf
Resource
debian12-armhf-20240221-en
Malware Config
Extracted
kaiji
154.12.82.11:808
Targets
-
-
Target
82711d6427c929a1f0d6524128b25904ecc675afdc2ee20a77081323b6242e73.elf
-
Size
5.1MB
-
MD5
a2e0241dceb36d1b79593b0fa1326773
-
SHA1
c9b68bf5b313cf0db314273fdc8e9b236d328e30
-
SHA256
82711d6427c929a1f0d6524128b25904ecc675afdc2ee20a77081323b6242e73
-
SHA512
5b2760d5fffacf377a4610c08ff07f46d43a9d8ac823500629320136284e638e86765e3a120d4f464a6e4c381bfb51ddbf36713ed7a1cb233e8faf3012080db1
-
SSDEEP
49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVCrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqg
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1