General
-
Target
d5f2ac7ce84a2b75c3011d08df6c54a115f0058bab9d286d759eb2e6ea47fd6f.elf
-
Size
5.1MB
-
Sample
241101-gkj1ssyqep
-
MD5
09953c0fdf5fd2a6f4e264b3f85f6255
-
SHA1
50350925a1444e4dc0bb60bff1a11f1bc06c18a7
-
SHA256
d5f2ac7ce84a2b75c3011d08df6c54a115f0058bab9d286d759eb2e6ea47fd6f
-
SHA512
d2ae3c8e6244d419ebe4b0c9035568c28a960d0fc027b1383c001954fbf017766b96b5a48f15cebf4e22390f5d26d9d8df104b7497ee6ca1dad680cd50b75289
-
SSDEEP
98304:8cSBHdgN2a7JP97kJru8cYWPAXqOu+60:8cS03Wu+6
Behavioral task
behavioral1
Sample
d5f2ac7ce84a2b75c3011d08df6c54a115f0058bab9d286d759eb2e6ea47fd6f.elf
Resource
debian12-armhf-20240418-en
Malware Config
Extracted
kaiji
78789.dns.army:808
Targets
-
-
Target
d5f2ac7ce84a2b75c3011d08df6c54a115f0058bab9d286d759eb2e6ea47fd6f.elf
-
Size
5.1MB
-
MD5
09953c0fdf5fd2a6f4e264b3f85f6255
-
SHA1
50350925a1444e4dc0bb60bff1a11f1bc06c18a7
-
SHA256
d5f2ac7ce84a2b75c3011d08df6c54a115f0058bab9d286d759eb2e6ea47fd6f
-
SHA512
d2ae3c8e6244d419ebe4b0c9035568c28a960d0fc027b1383c001954fbf017766b96b5a48f15cebf4e22390f5d26d9d8df104b7497ee6ca1dad680cd50b75289
-
SSDEEP
98304:8cSBHdgN2a7JP97kJru8cYWPAXqOu+60:8cS03Wu+6
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1