General
-
Target
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf
-
Size
2.0MB
-
Sample
241103-qz76lsvhlb
-
MD5
639af202eb3c903183b8ae3d8ba4951e
-
SHA1
78ad606c247165cb75c4e349d9be702517203224
-
SHA256
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155
-
SHA512
1eb84b880900795da9bb834e88422c8a81bd83f7fb0dcdf090f8b178b21e486e0010126bd249c84cf2b2f6dcad3fc0597acad073b299512fba8f9f02ef0c4767
-
SSDEEP
24576:J1rMILphWsdRm6vM7lUVJtq8wfe9OqbVgYQ3k48jtIMoG34RJnWVh1BPnjKqZdtX:JVfjmRMo2T1
Behavioral task
behavioral1
Sample
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf
Resource
debian12-armhf-20240221-en
Malware Config
Extracted
kaiji
ss.us-tv.top:1930
Targets
-
-
Target
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf
-
Size
2.0MB
-
MD5
639af202eb3c903183b8ae3d8ba4951e
-
SHA1
78ad606c247165cb75c4e349d9be702517203224
-
SHA256
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155
-
SHA512
1eb84b880900795da9bb834e88422c8a81bd83f7fb0dcdf090f8b178b21e486e0010126bd249c84cf2b2f6dcad3fc0597acad073b299512fba8f9f02ef0c4767
-
SSDEEP
24576:J1rMILphWsdRm6vM7lUVJtq8wfe9OqbVgYQ3k48jtIMoG34RJnWVh1BPnjKqZdtX:JVfjmRMo2T1
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1