kaiji | 2dd21a527dffafd90a448aec0020ee3ebc04c82dc416f6e51dd779c07325eff9 | Triage

Sharing

General

Target

2dd21a527dffafd90a448aec0020ee3ebc04c82dc416f6e51dd779c07325eff9.zip
Size

1.8MB
Sample

250325-svqrwa1rx9
MD5

dcde84fa1fd853fcb3dfa5808cffc1fc
SHA1

ce7711c7a3f001f55e3de79af9f3ec3b7a7e0db8
SHA256

2dd21a527dffafd90a448aec0020ee3ebc04c82dc416f6e51dd779c07325eff9
SHA512

087e17548ebe92a7ee396d6c4831d7d3fdd4fc218f0aad97cacfbce466abdff03908693d3cfdeb2b645a2dce00be21145e0da06f3387b5fd61b4704f37341841
SSDEEP

49152:QPLuznmxE70dqzO8mR/XP9NQvdsjOKkLPxpt8F:QPLuzmxE70dVP9NQAYLPNA

Score

10^/10

kaiji defense_evasion discovery execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  39facd0a87d60a84ea414a419bc5ecd39d4271bb88ea133478d092380c7b783f.elf
- Size
  
  4.8MB
- MD5
  
  8dd4e8aa792327600a2ae50afb485ea6
- SHA1
  
  6aeb7fc9f46a832760caa35abcf7c81f7aed2db5
- SHA256
  
  39facd0a87d60a84ea414a419bc5ecd39d4271bb88ea133478d092380c7b783f
- SHA512
  
  4f09ad0859b1de517f345808e5a1012ef45b0145b10c922ce64a4a69baf840aa4251f350b8e6289c1f11531dfe2d7e0547238de23b67b0186d9e1c84431ad604
- SSDEEP
  
  49152:g6TtJkTzqkRMAoBjTMyZVgcTQ93sPfGj0n:qno
Score

10^/10

kaiji defense_evasion discovery execution persistence privilege_escalation
- Kaiji
  Kaiji payload
- Kaiji family
  kaiji
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence privilege_escalation defense_evasion
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Scheduled Task/Job

Cron

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kaijidefense_evasiondiscoveryexecutionpersistenceprivilege_escalation