General
-
Target
ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124.elf
-
Size
1.9MB
-
Sample
241103-ef5qlaxlbp
-
MD5
e55a695d2530b3fb5c80256f6036de29
-
SHA1
cbf9fb21338b161a6b5ab67425e8afbcf9bbcd93
-
SHA256
ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124
-
SHA512
a59fec7fe64abf676a4b40737eaf4b5824daf78c78324ef1e8b58114f81bbeda4edb281fab0582026dd8363314905d0259b20ac842f9016f4da8bf1dab0fc89d
-
SSDEEP
49152:XXPVKrbvGOQLeS7rb/TCvO90d7HjmAFd4A64nsfJrkaani38B4B+g2vUqHOErz1:tPXZz
Behavioral task
behavioral1
Sample
ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Extracted
kaiji
ss.us-tv.top:1930
Targets
-
-
Target
ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124.elf
-
Size
1.9MB
-
MD5
e55a695d2530b3fb5c80256f6036de29
-
SHA1
cbf9fb21338b161a6b5ab67425e8afbcf9bbcd93
-
SHA256
ce2944509d3936280343639c38ed5240f0a35c8d1dd63a00ce0eef1052325124
-
SHA512
a59fec7fe64abf676a4b40737eaf4b5824daf78c78324ef1e8b58114f81bbeda4edb281fab0582026dd8363314905d0259b20ac842f9016f4da8bf1dab0fc89d
-
SSDEEP
49152:XXPVKrbvGOQLeS7rb/TCvO90d7HjmAFd4A64nsfJrkaani38B4B+g2vUqHOErz1:tPXZz
-
Kaiji
Kaiji payload
-
Kaiji family
-
Renames multiple (1040) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1