General

  • Target

    35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9.elf

  • Size

    5.1MB

  • Sample

    241105-c3zrrasfne

  • MD5

    b3d5067ad7cc5c330ea53579d837f8b3

  • SHA1

    a8519299f1ab0945ff9f5607fa308a01f8055454

  • SHA256

    35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9

  • SHA512

    e33b0ecae001719dbe5df6780c2e5ef04a27745ea2bb1e551a99115dec3b89c378313edfccea3829b3ed659d25c205658a183d273f248c8b9220bb679edea05f

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvV/rzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqZ

Malware Config

Extracted

Family

kaiji

C2

78789.dns.army:7850

Targets

    • Target

      35808f69f5f76ddd48c2668e78256b04df0758c952d4b41323030c1ff160bac9.elf

    • Renames multiple (1004) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies a system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script
