General
- Target: linux_arm6.elf
- Size: 5.1MB
- Sample: 250412-w7fn8azvgy
- MD5: 1694c7f4a11105a25c4ab1b2a08012b2
- SHA1: bae22f26fd7ad1bc749ebbe46c33b34c3ad483f2
- SHA256: b5fb1596b0b306ae93ecb350a0f27bbf6d5e53798779beeb4c11728237c422bb
- SHA512: 716eb69b24a5fc8759d080f024ddff6ef804421140a9a5131b191726eab35e416ae64d25a002a36ec2877fe1e265ac99bb66683206907aac9eb1b18b0f6ffbfd
- SSDEEP: 98304:8cSBHdgN2a7JP97kJru8cYWPAXqVu+60:8cS03tu+6
Behavioral task
- behavioral1
  - Sample: linux_arm6.elf
  - Resource: debian12-armhf-20240729-en
Malware Config
- Extracted: kaiji
- C2: aresapp.456789456.xyz:52462
Targets
- Target: linux_arm6.elf
- Renames multiple (1004) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Modifies systemd
  Adds/modifies systemd service files, likely to achieve persistence.
- Write file to user bin folder
- Modifies Bash startup script
MITRE ATT&CK Enterprise v16
Persistence
- Boot or Logon Autostart Execution (3)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (1)
  - RC Scripts (1)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (1)
  - RC Scripts (1)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)