General
- Target: linux_386.elf
- Size: 5.0MB
- Sample: 250320-2453latqw6
- MD5: 21ef8d4e6816e58f43beb0aee2422366
- SHA1: 0fcb6e72f604ab6e2afef0a40433b06a29c373bb
- SHA256: e353d704ff45ff8513fa0ce6685d6dcb84cf7921f6173a935c9a312cde206631
- SHA512: e091ba1d17ca25af8718114884fa6c0724bc08c561df2adc80d4994eeb37ee2a16000c07c3bf91429c17a800e1af993a12f2a5be0696cb1459f86fdc0a7c8f3b
- SSDEEP: 49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uN+p9hW16klbU6V:E33GlbU8FwmzzRDZ9mpqRV
Behavioral task: behavioral1
- Sample: linux_386.elf
- Resource: ubuntu2404-amd64-20250307-en

Malware Config (extracted)
- Family: kaiji
- C2: 156.225.31.175:808
Targets
- Target: linux_386.elf (5.0MB; same file and hashes as listed under General above)
- Kaiji: Kaiji payload
- Kaiji family
- kaiji_chaosbot: Chaos-variant payload
- Renames multiple (1040) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Executes dropped EXE
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching: abuse of sudo or cached sudo credentials to execute code.
- Creates/modifies Cron job: cron allows running tasks on a schedule and is commonly used for malware persistence.