General
-
Target
3518391.bin
-
Size
5.1MB
-
Sample
250422-qpcxqawydw
-
MD5
ca5b8f484fc79caa4cef1de0c36b93b3
-
SHA1
9b1e3d0eabb3577cbd6133d7456033138979d01c
-
SHA256
3df47d8e5bfa5787486ba7545ad84fdf18c129b464720d2f9dc88b627e3ad733
-
SHA512
21ca74a1586496152f37b44f382a025e0b0dd40d5bf334a8cdbdfc9214d7cb67ffb06d8f65ada95a1fc2567d99d4b16e6ab5526257541f67fa65da9b8be636c6
-
SSDEEP
49152:M9Hh50EYVdSpSLLXbSrMG7bMSQeLMEAxh+PaOWU1F1:mHh50EYXSpuLXmS+Pa
Behavioral task
behavioral1
Sample
3518391.bin
Resource
debian12-armhf-20240418-en
Malware Config
Extracted
kaiji
2.59.151.111:8080
Targets
-
-
Target
3518391.bin
-
Size
5.1MB
-
MD5
ca5b8f484fc79caa4cef1de0c36b93b3
-
SHA1
9b1e3d0eabb3577cbd6133d7456033138979d01c
-
SHA256
3df47d8e5bfa5787486ba7545ad84fdf18c129b464720d2f9dc88b627e3ad733
-
SHA512
21ca74a1586496152f37b44f382a025e0b0dd40d5bf334a8cdbdfc9214d7cb67ffb06d8f65ada95a1fc2567d99d4b16e6ab5526257541f67fa65da9b8be636c6
-
SSDEEP
49152:M9Hh50EYVdSpSLLXbSrMG7bMSQeLMEAxh+PaOWU1F1:mHh50EYXSpuLXmS+Pa
-
Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1