General

  • Target

    82711d6427c929a1f0d6524128b25904ecc675afdc2ee20a77081323b6242e73.elf

  • Size

    5.1MB

  • Sample

    241028-dd92vsyhlj

  • MD5

    a2e0241dceb36d1b79593b0fa1326773

  • SHA1

    c9b68bf5b313cf0db314273fdc8e9b236d328e30

  • SHA256

    82711d6427c929a1f0d6524128b25904ecc675afdc2ee20a77081323b6242e73

  • SHA512

    5b2760d5fffacf377a4610c08ff07f46d43a9d8ac823500629320136284e638e86765e3a120d4f464a6e4c381bfb51ddbf36713ed7a1cb233e8faf3012080db1

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVCrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqg

Malware Config

Extracted

Family

kaiji

C2

154.12.82.11:808

Targets

    • Renames multiple (1004) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies a system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks