General
Target: download.sh
Size: 2KB
Sample: 250416-w94h3atygy
MD5: 544a2f391e2800bac07e883d902bcc75
SHA1: cea67c26c372d03b795bbba678569256385d3b83
SHA256: 1dc484d51fb96c2097c2eb3695ff55d641e6778dbe8780cbbd0dbdfa688708ca
SHA512: f281a43fb6443bf15069aee5987d06d493bc0f0f47b927aea17115db168e6bf3271e5f37a0dc7f76defd21b60c24e513fcda0c2f109ce26f5bd4b802de184a4b
Static task: static1
Behavioral task: behavioral1
  Sample: download.sh
  Resource: ubuntu1804-amd64-20250410-en
Behavioral task: behavioral2
  Sample: download.sh
  Resource: debian9-armhf-20240418-en
Behavioral task: behavioral3
  Sample: download.sh
  Resource: debian9-mipsbe-20250410-en
Behavioral task: behavioral4
  Sample: download.sh
  Resource: debian9-mipsel-20250410-en
Malware Config
Extracted (kaiji): 154.40.47.248:888
Extracted (kaiji): 154.40.47.248:888
Targets
Target: download.sh
Size: 2KB
MD5: 544a2f391e2800bac07e883d902bcc75
SHA1: cea67c26c372d03b795bbba678569256385d3b83
SHA256: 1dc484d51fb96c2097c2eb3695ff55d641e6778dbe8780cbbd0dbdfa688708ca
SHA512: f281a43fb6443bf15069aee5987d06d493bc0f0f47b927aea17115db168e6bf3271e5f37a0dc7f76defd21b60c24e513fcda0c2f109ce26f5bd4b802de184a4b
- Kaiji: Kaiji payload
- Kaiji family
- File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- Modifies Watchdog functionality: Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Creates/modifies environment variables: Creating/modifying environment variables is a common persistence mechanism.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Write file to user bin folder
- Modifies Bash startup script
MITRE ATT&CK Enterprise v16 (count of matching signatures in parentheses)
Execution
  Command and Scripting Interpreter (1)
    Unix Shell (1)
  Scheduled Task/Job (1)
    Cron (1)
Persistence
  Boot or Logon Autostart Execution (2)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Scheduled Task/Job (1)
    Cron (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
  Event Triggered Execution (1)
    Unix Shell Configuration Modification (1)
  Hijack Execution Flow (1)
    Path Interception by PATH Environment Variable (1)
  Scheduled Task/Job (1)
    Cron (1)