General

  • Target

    99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96.elf

  • Size

    5.1MB

  • Sample

    241028-dg9khayhqq

  • MD5

    1a2806ff6c74b5c4c3cbe805c1d2cd6e

  • SHA1

    2526156ca310c2beef1dadf7f51eb3a341894b97

  • SHA256

    99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96

  • SHA512

    7c9ce5dd1292bccd955981a58a88b4227f9c4ab6c1838d4c6483ae38e8f40c17f7a423c09f3ea965789cf2dbb1e8c6f9f6e99574f31111056c7379911fb96030

  • SSDEEP

    49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhh+lYfQMcU1F1:OKY3U+qRxQ3qK3M

Malware Config

Extracted

Family

kaiji

C2

154.12.82.11:808

Targets

    • Target

      99d35546095e7fd450b1a5d2370654fa77b562e13a083b4d790ab2f4525cba96.elf


    • Renames multiple (1004) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15
