General

Target: ae49891720a4fa75f48a58efd4fc5dcd369f8c99add24e781191616f46149457.elf
Size: 5.0MB
Sample: 241126-dp184a1nct
MD5: f5c59e70b89c03eb69f02a7be662ed59
SHA1: f1dc3d2d6c85692a2419517d3473bb370cf86510
SHA256: ae49891720a4fa75f48a58efd4fc5dcd369f8c99add24e781191616f46149457
SHA512: 69a1fcdc968d5b2f2706a0c6294974d2cc211910033e8bd991ec9dad01eacf93b20dfb3c72f17130b29b53a8b1add45f04a6c1c7e1f81ff9f198184493354225
SSDEEP: 49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNFp9hW16klbU6V:E33GlbU8FwmzzRDZ9mWqRV
Behavioral task: behavioral1
Sample: ae49891720a4fa75f48a58efd4fc5dcd369f8c99add24e781191616f46149457.elf
Resource: ubuntu2004-amd64-20240729-en

Malware Config

Extracted family: kaiji
C2 (host:port): aras.liveya.org:52462
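The extracted C2 is the one indicator in this report that can be hunted for directly in network telemetry. The following is an added example, not part of the sandbox report, that matches that host:port against DNS and connection logs and pivots from the resolved answer to every connection with that destination, so a connection to the C2 address on a different port is still surfaced. The log excerpts are constructed here in a Zeek-like tab-separated layout (ts, uid, src, dst, query or port, answer or proto); the IPs are documentation ranges, not real infrastructure, and only the indicator itself comes from the report.

```python
"""Hunt for the extracted Kaiji C2 in DNS and connection logs (added example)."""
C2_HOST, C2_PORT = "aras.liveya.org", 52462   # from the report's Malware Config

# Constructed dns.log-style rows: ts, uid, src, dns_server, query, answer
DNS_LOG = (
    "1732600001.1\tCx1\t10.0.0.5\t10.0.0.2\taras.liveya.org\t203.0.113.10\n"
    "1732600002.2\tCx2\t10.0.0.5\t10.0.0.2\texample.com\t198.51.100.7\n"
)
# Constructed conn.log-style rows: ts, uid, src, dst, dport, proto
CONN_LOG = (
    "1732600003.3\tCy1\t10.0.0.5\t203.0.113.10\t52462\ttcp\n"
    "1732600004.4\tCy2\t10.0.0.5\t198.51.100.7\t443\ttcp\n"
    "1732600005.5\tCy3\t10.0.0.7\t203.0.113.10\t80\ttcp\n"
    "1732600006.6\tCy4\t10.0.0.9\t192.0.2.44\t52462\ttcp\n"
)


def hunt(dns_log, conn_log, host=C2_HOST, port=C2_PORT):
    """Return (kind, ts, src, detail) leads in log order.

    dns        query for the C2 name
    conn       connection to an IP the C2 name resolved to, on the C2 port
    conn-pivot connection to a resolved IP on another port (same host, other service)
    conn-port  connection to the C2 port on an unresolved IP (weakest: port alone)
    """
    hits, resolved = [], set()
    for row in dns_log.splitlines():
        ts, _uid, src, _srv, query, answer = row.split("\t")
        if query.lower().rstrip(".") == host:
            hits.append(("dns", ts, src, query))
            resolved.add(answer)          # pivot: the name tells us which IPs to watch
    for row in conn_log.splitlines():
        ts, _uid, src, dst, dport, _proto = row.split("\t")
        if dst in resolved:
            kind = "conn" if int(dport) == port else "conn-pivot"
        elif int(dport) == port:
            kind = "conn-port"
        else:
            continue
        hits.append((kind, ts, src, f"{dst}:{dport}"))
    return hits


if __name__ == "__main__":
    for lead in hunt(DNS_LOG, CONN_LOG):
        print(*lead, sep="\t")
```

The port-only match is kept as the weakest tier on purpose: 52462 is an uncommon port, but a port alone is not an indicator, so such leads should be confirmed against the DNS pivot or the sample's SHA256 on the host before acting.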
Targets

Target: ae49891720a4fa75f48a58efd4fc5dcd369f8c99add24e781191616f46149457.elf, 5.0MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures observed for this target:
- Renames multiple (1156) files with added filename extension
  The sandbox reads this as ransomware-style encryption of the files on the system. Treat it as a heuristic rather than a verdict: Kaiji is a Go-based DDoS botnet, so confirm that the renamed files were actually encrypted before classifying this sample as ransomware.
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware such as Mirai disables or reconfigures the hardware watchdog (/dev/watchdog) so that it cannot reboot an infected system.
- Reads EFI boot settings
  Reads EFI variables from the efivars filesystem (/sys/firmware/efi/efivars), which may contain security secrets or other sensitive data.
- Creates/modifies Cron job
  Cron runs tasks on a schedule and is commonly used for malware persistence.
- Creates/modifies environment variables
  Creating or modifying environment variables (for example PATH) is a common persistence mechanism.
- Enumerates running processes
  Discovers information about the processes currently running on the system.
- Modifies systemd
  Adds or modifies systemd service files, most likely to achieve persistence.
- Write file to user bin folder
- Modifies Bash startup script
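The persistence signatures above (cron job, systemd unit, bash startup script, environment variables, file written to the user bin folder) each name a filesystem location that can be checked offline on a mounted image of the infected host. The following is an added example, not code from the sandbox report or from the Kaiji sample: it walks a filesystem root and returns the cron jobs, admin-created systemd units, rc.local commands and shell-startup lines an analyst should review, flagging PATH rewrites that put a non-standard directory first. The locations are the usual Linux ones and are assumptions, not paths extracted from this sample; the fixture it builds for demonstration is constructed data.

```python
"""Offline hunt for the persistence artifacts the report's signatures describe (added example)."""
import os
import re
import tempfile

CRON_FILES = ["etc/crontab"]
CRON_DIRS = ["etc/cron.d", "var/spool/cron/crontabs", "var/spool/cron"]
ADMIN_UNIT_DIR = "etc/systemd/system"     # vendor units live under /usr/lib; admin-added ones here
STARTUP_SCRIPTS = ["etc/profile", "etc/bash.bashrc", "root/.bashrc", "root/.profile"]
RC_LOCAL = "etc/rc.local"
STANDARD_DIRS = {"/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin", "/sbin", "/bin"}
TEMP_OR_HIDDEN = re.compile(r"/(tmp|dev/shm|var/tmp)/|/\.[A-Za-z0-9_-]+(/|\s|$)")
PATH_ASSIGN = re.compile(r"\bPATH=([^\s;]+)")


def _read(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def _jobs(text):
    """Non-comment, non-assignment crontab lines (SHELL=, PATH= lines are skipped)."""
    for line in text.splitlines():
        s = line.strip()
        if s and not s.startswith("#") and "=" not in s.split()[0]:
            yield s


def suspicious_line(line):
    """True for lines that run from temp/hidden dirs or put a foreign dir first in PATH.

    Heuristic: a legitimate '$HOME/.local/bin' prefix also trips it, so hits are leads, not verdicts.
    """
    s = line.strip()
    if not s or s.startswith("#"):
        return False
    if TEMP_OR_HIDDEN.search(s):
        return True
    m = PATH_ASSIGN.search(s)
    return bool(m) and m.group(1).strip("'\"").split(":")[0] not in STANDARD_DIRS


def scan_cron(root):
    paths = [os.path.join(root, f) for f in CRON_FILES]
    for d in CRON_DIRS:
        full = os.path.join(root, d)
        if os.path.isdir(full):
            paths += [os.path.join(full, n) for n in sorted(os.listdir(full))]
    return [("cron", os.path.relpath(p, root), job) for p in paths for job in _jobs(_read(p))]


def scan_systemd(root):
    """ExecStart of regular (non-symlink) .service files in /etc/systemd/system: the admin-added units."""
    full = os.path.join(root, ADMIN_UNIT_DIR)
    out = []
    for name in (sorted(os.listdir(full)) if os.path.isdir(full) else []):
        p = os.path.join(full, name)
        if name.endswith(".service") and os.path.isfile(p) and not os.path.islink(p):
            out += [("systemd", os.path.relpath(p, root), ln.strip())
                    for ln in _read(p).splitlines() if ln.startswith("ExecStart=")]
    return out


def scan_startup(root):
    out = []
    for rel in STARTUP_SCRIPTS:
        out += [("startup", rel, ln.strip())
                for ln in _read(os.path.join(root, rel)).splitlines() if suspicious_line(ln)]
    # rc.local is rarely used on modern systems, so any real command in it deserves a look.
    out += [("rc.local", RC_LOCAL, ln.strip()) for ln in _read(os.path.join(root, RC_LOCAL)).splitlines()
            if ln.strip() and not ln.startswith("#") and ln.strip() != "exit 0"]
    return out


def triage(root):
    """All findings as (category, relative path, line) tuples."""
    return scan_cron(root) + scan_systemd(root) + scan_startup(root)


def build_fixture():
    """Constructed fixture (not sample data): one benign and one notable entry per location."""
    root = tempfile.mkdtemp(prefix="triage-")
    files = {
        "etc/crontab": "SHELL=/bin/sh\n# m h dom mon dow user command\n"
                       "*/3 * * * * root /usr/bin/sys-upd >/dev/null 2>&1\n",
        "etc/systemd/system/sys-upd.service": "[Unit]\nDescription=updater\n[Service]\n"
                                              "ExecStart=/usr/bin/sys-upd\nRestart=always\n",
        "etc/profile": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n",
        "root/.bashrc": "alias ll='ls -l'\nexport PATH=/tmp/.x:$PATH\n",
        "etc/rc.local": "#!/bin/sh\n/usr/bin/sys-upd &\nexit 0\n",
    }
    for rel, body in files.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for category, path, line in triage(build_fixture()):
        print(f"{category:8} {path:40} {line}")
```

Point `triage()` at the mount point of the image rather than `/` on a live suspect host, since a running sample can hook the shell that would execute the script. Cron and rc.local findings are a listing for review, not verdicts; the hidden-directory and PATH checks are the only lines that are flagged as suspicious in themselves.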
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (3)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (1)
  - RC Scripts (1)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Pre-OS Boot (1)
  - Bootkit (1)
- Scheduled Task/Job (1)
  - Cron (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (1)
  - RC Scripts (1)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)