General
-
Target
linux_arm5.elf
-
Size
2.0MB
-
Sample
250416-xanh8styh1
-
MD5
f18fa7b1e7437460d01654ea9e134e29
-
SHA1
3ac4b626f05253533ed401cd958d7a82d66e6acf
-
SHA256
8235183b4bbede6402a39a1db714593fc27fecfda575347ebb0d3f87ac793254
-
SHA512
524a437556d1a4a9202b99d35e20af417dbd38ba08f872db73d478c065178b78c78102deee89a6a7d1b78e8534d669ef573ac9235ab80fe59c6787489e8bee25
-
SSDEEP
24576:NmGM05U6zdl5megDmMTwJCmxjZthdwpVQsl6nBVSDr21p27DCcSXHXHVhSBPnjKm:N/bNmkr12T1
Behavioral task
behavioral1
Sample
linux_arm5.elf
Resource
debian9-armhf-20250410-en
Malware Config
Extracted
kaiji
154.40.47.248:888
Targets
-
-
Target
linux_arm5.elf
-
Size
2.0MB
-
MD5
f18fa7b1e7437460d01654ea9e134e29
-
SHA1
3ac4b626f05253533ed401cd958d7a82d66e6acf
-
SHA256
8235183b4bbede6402a39a1db714593fc27fecfda575347ebb0d3f87ac793254
-
SHA512
524a437556d1a4a9202b99d35e20af417dbd38ba08f872db73d478c065178b78c78102deee89a6a7d1b78e8534d669ef573ac9235ab80fe59c6787489e8bee25
-
SSDEEP
24576:NmGM05U6zdl5megDmMTwJCmxjZthdwpVQsl6nBVSDr21p27DCcSXHXHVhSBPnjKm:N/bNmkr12T1
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1