General
-
Target
linux_arm5.elf
-
Size
5.1MB
-
Sample
241104-vqak7swncr
-
MD5
8f76671858191f5131c22b14e0d02ce3
-
SHA1
6c0ef009d4013f0ee45f53912ce16704767208b0
-
SHA256
e73d0a5c7b43c91097089328a27d3fd95db015395c5ecd7b91d045e29a255d2b
-
SHA512
20b7d70ec04cad48a0bbb4d72ab1c99fef0eae5c2a59cbd3a1eca48c675ddbb8585c4f49a70bf9f3df8ccd0cf27790254e21a289852312ab28c52fabc90bcd15
-
SSDEEP
49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhM+lYfQMcU1F1:OKY3U+qRxQ3qK8M
Behavioral task
behavioral1
Sample
linux_arm5.elf
Resource
debian9-armhf-20240729-en
Malware Config
Extracted
kaiji
78789.dns.army:7850
Targets
-
-
Target
linux_arm5.elf
-
Size
5.1MB
-
MD5
8f76671858191f5131c22b14e0d02ce3
-
SHA1
6c0ef009d4013f0ee45f53912ce16704767208b0
-
SHA256
e73d0a5c7b43c91097089328a27d3fd95db015395c5ecd7b91d045e29a255d2b
-
SHA512
20b7d70ec04cad48a0bbb4d72ab1c99fef0eae5c2a59cbd3a1eca48c675ddbb8585c4f49a70bf9f3df8ccd0cf27790254e21a289852312ab28c52fabc90bcd15
-
SSDEEP
49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhM+lYfQMcU1F1:OKY3U+qRxQ3qK8M
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1