General
-
Target
linux_386.elf
-
Size
1.8MB
-
Sample
250416-w94ttstyht
-
MD5
259800bf6d1eb21a74ff1737f9826a0a
-
SHA1
1a13ffb1f327ae411689568840b0e812b7d40a59
-
SHA256
5aa6cc2b09d7fa0d3c5b6826f872826f5d3afb9af18c001ea3f4f1a1ccb188f7
-
SHA512
d3b013396695920dde44c4bc8af2b91e9e4142592151056e27946af54096056f2a70d528c4fd9abb27042d6a5ed2839648fbe3054b3e8a218bf29586237c1beb
-
SSDEEP
24576:Inoxw1zy7RvFMNRlnmxlJgAaI0ODBBri8wnJPVwchQItBPUgpxv2SzVVOMaWz1v:s/MBFBuEItpRpsSIWz1
Behavioral task
behavioral1
Sample
linux_386.elf
Resource
ubuntu2204-amd64-20250307-en
Malware Config
Extracted
kaiji
154.40.47.248:809
Targets
-
-
Target
linux_386.elf
-
Size
1.8MB
-
MD5
259800bf6d1eb21a74ff1737f9826a0a
-
SHA1
1a13ffb1f327ae411689568840b0e812b7d40a59
-
SHA256
5aa6cc2b09d7fa0d3c5b6826f872826f5d3afb9af18c001ea3f4f1a1ccb188f7
-
SHA512
d3b013396695920dde44c4bc8af2b91e9e4142592151056e27946af54096056f2a70d528c4fd9abb27042d6a5ed2839648fbe3054b3e8a218bf29586237c1beb
-
SSDEEP
24576:Inoxw1zy7RvFMNRlnmxlJgAaI0ODBBri8wnJPVwchQItBPUgpxv2SzVVOMaWz1v:s/MBFBuEItpRpsSIWz1
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1