General

  • Target

    668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf

  • Size

    2.0MB

  • Sample

    241103-qz76lsvhlb

  • MD5

    639af202eb3c903183b8ae3d8ba4951e

  • SHA1

    78ad606c247165cb75c4e349d9be702517203224

  • SHA256

    668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155

  • SHA512

    1eb84b880900795da9bb834e88422c8a81bd83f7fb0dcdf090f8b178b21e486e0010126bd249c84cf2b2f6dcad3fc0597acad073b299512fba8f9f02ef0c4767

  • SSDEEP

    24576:J1rMILphWsdRm6vM7lUVJtq8wfe9OqbVgYQ3k48jtIMoG34RJnWVh1BPnjKqZdtX:JVfjmRMo2T1

Malware Config

Extracted

Family

kaiji

C2

ss.us-tv.top:1930

Targets

    • Target

      668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf

    • Renames multiple (1004) files with added filename extension

      Mass renaming with an appended extension is typical of ransomware encrypting files across the system; the signature fires on the renames, not on confirmed encryption.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai disables the hardware watchdog so it cannot reboot (and thereby disinfect) a hung or overloaded device.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule and is a common malware persistence mechanism.

    • Creates/modifies environment variables

      Creating or modifying environment variables is a common persistence mechanism.

    • Disables SELinux

      Disables the SELinux security module.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • Modifies Bash startup script
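
A host-hunting sweep for the persistence and SELinux artifacts in the list above (cron, init.d, systemd, shell startup files, /etc/selinux/config), added here as an example; it is not code from the sample, from Kaiji, or from the sandbox. It assumes a filesystem root to scan (a mounted image or /) and a list of IOC strings; ss.us-tv.top:1930 is the C2 from this report, /usr/bin/dropped.bin is a hypothetical dropped-file path, and the tree built by build_demo_tree() is constructed for the demo.

```python
"""Sweep common Linux persistence locations for IOC references and check
whether SELinux has been disabled in its config file.

Added example for this report; not code from the sample or the sandbox.
DEMO_IOCS and build_demo_tree() are constructed for the demonstration.
"""
import glob
import os
import re
import tempfile

# Persistence locations the behaviour list points at, as globs relative to the root.
PERSISTENCE_GLOBS = [
    "etc/crontab", "etc/cron.d/*", "etc/cron.hourly/*", "etc/cron.daily/*",
    "var/spool/cron/*", "var/spool/cron/crontabs/*",            # cron
    "etc/init.d/*", "etc/rc.local",                             # init.d
    "etc/systemd/system/*.service", "lib/systemd/system/*.service",
    "usr/lib/systemd/system/*.service",                         # systemd
    "etc/profile", "etc/profile.d/*.sh", "etc/bash.bashrc",     # shell startup
    "root/.bashrc", "root/.bash_profile", "root/.profile",
    "home/*/.bashrc", "home/*/.bash_profile", "home/*/.profile",
]

# Constructed IOC list: the report's C2 plus a hypothetical dropped binary path.
DEMO_IOCS = ["ss.us-tv.top:1930", "/usr/bin/dropped.bin"]


def iter_files(root, patterns):
    """Yield every regular file matching the given globs under root."""
    for pat in patterns:
        for path in glob.glob(os.path.join(root, pat)):
            if os.path.isfile(path):
                yield path


def scan_persistence(root, iocs):
    """Return sorted (relative path, line number, line) for lines referencing an IOC."""
    pattern = re.compile("|".join(re.escape(i) for i in iocs))
    hits = []
    for path in iter_files(root, PERSISTENCE_GLOBS):
        try:
            with open(path, "r", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if pattern.search(line):
                        hits.append((os.path.relpath(path, root), no, line.rstrip("\n")))
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
    return sorted(hits)


def selinux_disabled_in_config(root):
    """True if etc/selinux/config sets SELINUX=disabled (the reboot-persistent form)."""
    cfg = os.path.join(root, "etc/selinux/config")
    if not os.path.isfile(cfg):
        return False
    with open(cfg, "r", errors="replace") as fh:
        for line in fh:
            line = line.split("#", 1)[0].replace(" ", "").strip().upper()
            if line == "SELINUX=DISABLED":
                return True
    return False


def build_demo_tree():
    """Create a throwaway root populated with constructed artifacts for the demo."""
    root = tempfile.mkdtemp(prefix="kaiji-hunt-")
    files = {
        "etc/crontab": "@reboot root /usr/bin/dropped.bin\n",
        "etc/systemd/system/demo.service":
            "[Service]\nExecStart=/usr/bin/dropped.bin\n[Install]\nWantedBy=multi-user.target\n",
        "etc/init.d/demo": "#!/bin/sh\nexec /usr/bin/dropped.bin ss.us-tv.top:1930\n",
        "home/user/.bashrc": "export PATH=$PATH:/usr/local/bin\n/usr/bin/dropped.bin &\n",
        "etc/profile": "umask 022\n",  # clean control file, must not match
        "etc/selinux/config": "# SELinux policy\nSELINUX=disabled\nSELINUXTYPE=targeted\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, no, line in scan_persistence(demo_root, DEMO_IOCS):
        print(f"{rel}:{no}: {line}")
    print("SELinux disabled in config:", selinux_disabled_in_config(demo_root))
```

Point scan_persistence() at a mounted image root rather than a live system where possible, and extend the IOC list with the dropped file names and hashes from the full report. The config check only catches the reboot-persistent form of the SELinux change; on a live host, compare with getenforce. The watchdog modification in the list leaves no file artifact (it is done through the /dev/watchdog device), so it is outside what this sweep can find.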
