General
- Target: 1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4.elf
- Size: 5.0MB
- Sample: 241111-ckwx5szfjn
- MD5: 4147e50daff23cbea5cf1faabb73b576
- SHA1: 438816933c155b9f3d7e3b5758715b0e32f4cff6
- SHA256: 1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4
- SHA512: 92ec9f9f0230566511ee7ddaeb96c4423010299ac2f3318b49174a437c87a338fa354409ebc9b6fe242f0da0b112661a241260043c72c4f9ccf53e0832b4ce9e
- SSDEEP: 49152:aIJ8Ou+wh2zUVtN9vEaBPC3uIdlLloDH8QEpOGr6KpZd1I1J:ayxyl/N9vROqci
Behavioral task
- behavioral1
  - Sample: 1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4.elf
  - Resource: ubuntu2404-amd64-20240729-en

Malware Config
- Extracted
  - kaiji: 38.55.251.57:8899
Targets
- Target: 1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4.elf
- Kaiji: Kaiji payload
- Kaiji family
- Renames multiple (1040) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.