General
-
Target
35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9.elf
-
Size
5.1MB
-
Sample
241105-c3zrrasfne
-
MD5
b3d5067ad7cc5c330ea53579d837f8b3
-
SHA1
a8519299f1ab0945ff9f5607fa308a01f8055454
-
SHA256
35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9
-
SHA512
e33b0ecae001719dbe5df6780c2e5ef04a27745ea2bb1e551a99115dec3b89c378313edfccea3829b3ed659d25c205658a183d273f248c8b9220bb679edea05f
-
SSDEEP
49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvV/rzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqZ
Behavioral task
behavioral1
Sample
35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9.elf
Resource
debian12-armhf-20240221-en
Malware Config
Extracted
kaiji
78789.dns.army:7850
Targets
-
-
Target
35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9.elf
-
Size
5.1MB
-
MD5
b3d5067ad7cc5c330ea53579d837f8b3
-
SHA1
a8519299f1ab0945ff9f5607fa308a01f8055454
-
SHA256
35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9
-
SHA512
e33b0ecae001719dbe5df6780c2e5ef04a27745ea2bb1e551a99115dec3b89c378313edfccea3829b3ed659d25c205658a183d273f248c8b9220bb679edea05f
-
SSDEEP
49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvV/rzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqZ
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1