General
-
Target
linux_arm7.elf
-
Size
5.1MB
-
Sample
250412-w6rp4azjy9
-
MD5
7e4d6ab20e0856e2695de54665833cec
-
SHA1
f6d6593a1b716780ea723e8d4ad122eae1dc16c5
-
SHA256
e03b170edb8f75e7585174957903b85f0758a56063da7750e3b5de54fb186600
-
SHA512
35d635d663960accf7b66717d73c6536cfe0be2b7a0dcf3246cb1f0099b9881c8aa5aab2f6d5b66367b56e8a249258c45c12696db44b02cf4817f0055156363d
-
SSDEEP
49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVlrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXq3
Behavioral task
behavioral1
Sample
linux_arm7.elf
Resource
debian9-armhf-20240729-en
Malware Config
Extracted
kaiji
aresapp.456789456.xyz:52462
Targets
-
-
Target
linux_arm7.elf
-
Size
5.1MB
-
MD5
7e4d6ab20e0856e2695de54665833cec
-
SHA1
f6d6593a1b716780ea723e8d4ad122eae1dc16c5
-
SHA256
e03b170edb8f75e7585174957903b85f0758a56063da7750e3b5de54fb186600
-
SHA512
35d635d663960accf7b66717d73c6536cfe0be2b7a0dcf3246cb1f0099b9881c8aa5aab2f6d5b66367b56e8a249258c45c12696db44b02cf4817f0055156363d
-
SSDEEP
49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVlrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXq3
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1