kaiji | fc449e7ed4c667a93339d2a23bf422547048bb5905afc23d947fb5f5581f2802 | Triage

Sharing

General

Target

fc449e7ed4c667a93339d2a23bf422547048bb5905afc23d947fb5f5581f2802.elf
Size

5.6MB
Sample

250213-jcf1aavmdr
MD5

cfa76444048616e814928a88af3a27e9
SHA1

04bf106b0437f00c26ccc8d6cec67af0e426ef00
SHA256

fc449e7ed4c667a93339d2a23bf422547048bb5905afc23d947fb5f5581f2802
SHA512

d78f8311eb3403ee1d763a52c7adb77e8cb1c70c4a0efe5575402c478417102465e4ae7b93a9d539f4e8a961efdeb6659edfcc7321b3579d3c873c4c25e2bf6f
SSDEEP

98304:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iW5ay5mIOX+aaNcc8pNkxXkz8xBs3K4HUk:yC91hAFxvW6WGVqq7g3JDCg76dAuE8ib

Score

10^/10

kaiji defense_evasion discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  fc449e7ed4c667a93339d2a23bf422547048bb5905afc23d947fb5f5581f2802.elf
- Size
  
  5.6MB
- MD5
  
  cfa76444048616e814928a88af3a27e9
- SHA1
  
  04bf106b0437f00c26ccc8d6cec67af0e426ef00
- SHA256
  
  fc449e7ed4c667a93339d2a23bf422547048bb5905afc23d947fb5f5581f2802
- SHA512
  
  d78f8311eb3403ee1d763a52c7adb77e8cb1c70c4a0efe5575402c478417102465e4ae7b93a9d539f4e8a961efdeb6659edfcc7321b3579d3c873c4c25e2bf6f
- SSDEEP
  
  98304:yC91hAFxvW6WGVqq7g3JDCg76dAuE8iW5ay5mIOX+aaNcc8pNkxXkz8xBs3K4HUk:yC91hAFxvW6WGVqq7g3JDCg76dAuE8ib
Score

7^/10

defense_evasion discovery persistence privilege_escalation
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation