General
-
Target
5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf.elf
-
Size
2.0MB
-
Sample
241103-dcawdawjhn
-
MD5
790576a357429568ac84093b6f785f3a
-
SHA1
b8a5de8ce8570856744717b9872afa7546c5a01e
-
SHA256
5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf
-
SHA512
245af8ba5b83069bb51d11735545dd72c9dafad667fc4ba3a2e19f9de254df8ce8ee21f003bfa2487553ffe4639a64a6aa729fe6e75d96345cf53c6bc43e500c
-
SSDEEP
24576:JgCbFbDVZ7bVCj3ozPQPTUkrtQ05OYRWNOrdErF4ff1kRrxnyVhv8uofvsRWA1SH:VCWpuM2T1s
Behavioral task
behavioral1
Sample
5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf.elf
Resource
debian9-armhf-20240611-en
Malware Config
Extracted
kaiji
ss.us-tv.top:1930
Targets
-
-
Target
5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf.elf
-
Size
2.0MB
-
MD5
790576a357429568ac84093b6f785f3a
-
SHA1
b8a5de8ce8570856744717b9872afa7546c5a01e
-
SHA256
5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf
-
SHA512
245af8ba5b83069bb51d11735545dd72c9dafad667fc4ba3a2e19f9de254df8ce8ee21f003bfa2487553ffe4639a64a6aa729fe6e75d96345cf53c6bc43e500c
-
SSDEEP
24576:JgCbFbDVZ7bVCj3ozPQPTUkrtQ05OYRWNOrdErF4ff1kRrxnyVhv8uofvsRWA1SH:VCWpuM2T1s
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1