General
-
Target
4GGW4_linux_arm5.elf
-
Size
2.0MB
-
Sample
250412-xb55nszkt9
-
MD5
a27d74c4b92bd0c318c197a989de939e
-
SHA1
1f445f0d5355c86289bea4cca14b68508be42235
-
SHA256
c7c5d317437fd744317b2298306ef6e9dbf47d64753cb149fe80d5e23a83bc9c
-
SHA512
f51e02f7cafb9c0abbef3f7fb8bf751e5267fa839f8570393aa7c27cfcd8993f6bd098e2ac34c4483ea4c5e8cf8f64c6d68e8543f3ec06a79bee33331cad307e
-
SSDEEP
24576:J1rMILphWsdRm6vM7lUVJtq8wfe9OqbVgYQ3k48jtIMoG34LJnWVh1BPnjKqZdtX:JVfjm/Mo2T1
Behavioral task
behavioral1
Sample
4GGW4_linux_arm5.elf
Resource
debian9-armhf-20250410-en
Malware Config
Extracted
kaiji
aresweb.456789456.xyz:12345
Targets
-
-
Target
4GGW4_linux_arm5.elf
-
Size
2.0MB
-
MD5
a27d74c4b92bd0c318c197a989de939e
-
SHA1
1f445f0d5355c86289bea4cca14b68508be42235
-
SHA256
c7c5d317437fd744317b2298306ef6e9dbf47d64753cb149fe80d5e23a83bc9c
-
SHA512
f51e02f7cafb9c0abbef3f7fb8bf751e5267fa839f8570393aa7c27cfcd8993f6bd098e2ac34c4483ea4c5e8cf8f64c6d68e8543f3ec06a79bee33331cad307e
-
SSDEEP
24576:J1rMILphWsdRm6vM7lUVJtq8wfe9OqbVgYQ3k48jtIMoG34LJnWVh1BPnjKqZdtX:JVfjm/Mo2T1
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1