General
-
Target
9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd.elf
-
Size
2.0MB
-
Sample
241103-d2wt5stfqn
-
MD5
a3ae5faa01a7db12ab76104d756cffe4
-
SHA1
976dcf62f67e5acc7dd97b81530e226532323104
-
SHA256
9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd
-
SHA512
5b1b9bea5dfcffbc15594b5d6f035c5b435a7af6e1d99fe9b7357a4a6c34f17b3216be60cb6b5eee802c772863ea971ed70090fd7d357023aacb05aac8771654
-
SSDEEP
24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rKUk3dVh/cviW:VrcNoLn3z82T16
Behavioral task
behavioral1
Sample
9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd.elf
Resource
debian9-armhf-20240611-en
Malware Config
Extracted
kaiji
ss.us-tv.top:1930
Targets
-
-
Target
9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd.elf
-
Size
2.0MB
-
MD5
a3ae5faa01a7db12ab76104d756cffe4
-
SHA1
976dcf62f67e5acc7dd97b81530e226532323104
-
SHA256
9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd
-
SHA512
5b1b9bea5dfcffbc15594b5d6f035c5b435a7af6e1d99fe9b7357a4a6c34f17b3216be60cb6b5eee802c772863ea971ed70090fd7d357023aacb05aac8771654
-
SSDEEP
24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rKUk3dVh/cviW:VrcNoLn3z82T16
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1