General

  • Target

    e73d0a5c7b43c91097089328a27d3fd95db015395c5ecd7b91d045e29a255d2b.elf

  • Size

    5.1MB

  • Sample

    241105-e2y5yavbmb

  • MD5

    8f76671858191f5131c22b14e0d02ce3

  • SHA1

    6c0ef009d4013f0ee45f53912ce16704767208b0

  • SHA256

    e73d0a5c7b43c91097089328a27d3fd95db015395c5ecd7b91d045e29a255d2b

  • SHA512

    20b7d70ec04cad48a0bbb4d72ab1c99fef0eae5c2a59cbd3a1eca48c675ddbb8585c4f49a70bf9f3df8ccd0cf27790254e21a289852312ab28c52fabc90bcd15

  • SSDEEP

    49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhM+lYfQMcU1F1:OKY3U+qRxQ3qK8M

Malware Config

Extracted

  • Family

    kaiji

  • C2

    78789.dns.army:7850

Targets

    • Target

      e73d0a5c7b43c91097089328a27d3fd95db015395c5ecd7b91d045e29a255d2b.elf

    • Renames multiple (1004) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script
