General
-
Target
3b0cc5dd65238abdc55e9c47d0d8660f.elf
-
Size
1.8MB
-
Sample
241102-dcw4lswpcz
-
MD5
3b0cc5dd65238abdc55e9c47d0d8660f
-
SHA1
81d42740e04d5378d96c1a8ebd7de21863225dc4
-
SHA256
a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e
-
SHA512
dbd19679e394a0ca56742f6b29fb8fc15adb0bfa6f714250b788a9b53199a1a74c9c39a94ea13fc5b06b846cc93c86f56ccdf34ffd1ad8cd09e826cf513f99df
-
SSDEEP
24576:ae9ufJvk4gQjMNRfktnsIXvZFyD9i+MPCIxyuzNqssZXJj4bdYVVMtIwWz1v:WYMnwRO4ssPcd5Wz1
Behavioral task
behavioral1
Sample
3b0cc5dd65238abdc55e9c47d0d8660f.elf
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
kaiji
ss.us-tv.top:1930
Targets
-
-
Target
3b0cc5dd65238abdc55e9c47d0d8660f.elf
-
Size
1.8MB
-
MD5
3b0cc5dd65238abdc55e9c47d0d8660f
-
SHA1
81d42740e04d5378d96c1a8ebd7de21863225dc4
-
SHA256
a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e
-
SHA512
dbd19679e394a0ca56742f6b29fb8fc15adb0bfa6f714250b788a9b53199a1a74c9c39a94ea13fc5b06b846cc93c86f56ccdf34ffd1ad8cd09e826cf513f99df
-
SSDEEP
24576:ae9ufJvk4gQjMNRfktnsIXvZFyD9i+MPCIxyuzNqssZXJj4bdYVVMtIwWz1v:WYMnwRO4ssPcd5Wz1
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1