General
-
Target
linux_arm7.elf
-
Size
2.0MB
-
Sample
250420-prt4caymt4
-
MD5
3b1d849963b2c09dd7f056582a620909
-
SHA1
5b40d62d0e1b5f33f6419ed9fdad0418fe93fb17
-
SHA256
4660b0c1bc0d913e7b7f342001284f11c4d048fe7c0fb4e4f6586c26574bf2ec
-
SHA512
29532ac4e2f32ea64f15c3b011f53d87842dd296383ad84f9bd7fa18e4d29d6a4c901121a0d7c7911703a8494f5129138af5d3dec24cbaaaa8171a023f147a5f
-
SSDEEP
24576:sG/LbVzKHSGLGrs4ICJHfRFMX/vwshhILrZaq7xNpvpPEE93nH/aqVhqHviGC2+q:djZ/aGL2T1
Behavioral task
behavioral1
Sample
linux_arm7.elf
Resource
debian12-armhf-20240418-en
Malware Config
Extracted
kaiji
154.201.91.52:888
Targets
-
-
Target
linux_arm7.elf
-
Size
2.0MB
-
MD5
3b1d849963b2c09dd7f056582a620909
-
SHA1
5b40d62d0e1b5f33f6419ed9fdad0418fe93fb17
-
SHA256
4660b0c1bc0d913e7b7f342001284f11c4d048fe7c0fb4e4f6586c26574bf2ec
-
SHA512
29532ac4e2f32ea64f15c3b011f53d87842dd296383ad84f9bd7fa18e4d29d6a4c901121a0d7c7911703a8494f5129138af5d3dec24cbaaaa8171a023f147a5f
-
SSDEEP
24576:sG/LbVzKHSGLGrs4ICJHfRFMX/vwshhILrZaq7xNpvpPEE93nH/aqVhqHviGC2+q:djZ/aGL2T1
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1