General
-
Target
linux_arm7.elf
-
Size
2.0MB
-
Sample
250412-w69kxazvfw
-
MD5
66f9a83ee3a8733a72c92e2def89abd1
-
SHA1
96f5a7e45b45e32bc68c01ed28fad1e09459d39b
-
SHA256
5f657d55424d0999ae5185ddba297d2466611122896e52be7f42e7da914f7c05
-
SHA512
aa39aedf7e80b9ceca0edf7a1028f59b139ddbbfdf208dbedd4382ccdbb41f806175a0948494deebcbc3571a2c3ada6a5e5b8b001e62013b562dbdf99931fd9f
-
SSDEEP
24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rK6k3dVh/cviW:VrcNoLd3z82T16
Behavioral task
behavioral1
Sample
linux_arm7.elf
Resource
debian9-armhf-20250410-en
Malware Config
Extracted
kaiji
aresweb.456789456.xyz:12345
Targets
-
-
Target
linux_arm7.elf
-
Size
2.0MB
-
MD5
66f9a83ee3a8733a72c92e2def89abd1
-
SHA1
96f5a7e45b45e32bc68c01ed28fad1e09459d39b
-
SHA256
5f657d55424d0999ae5185ddba297d2466611122896e52be7f42e7da914f7c05
-
SHA512
aa39aedf7e80b9ceca0edf7a1028f59b139ddbbfdf208dbedd4382ccdbb41f806175a0948494deebcbc3571a2c3ada6a5e5b8b001e62013b562dbdf99931fd9f
-
SSDEEP
24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rK6k3dVh/cviW:VrcNoLd3z82T16
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1