General
-
Target
linux_amd64.elf
-
Size
5.2MB
-
Sample
250419-xgzvvaszhx
-
MD5
c4e724e0dc8ffca84df77d1880e3fec2
-
SHA1
700f978d0bb329991f18d5859c9a2d4e22b44a62
-
SHA256
dfb97975c5aa62dcf0c1e0dbe9ff6e9ed9662dc1703e701112f5b1bfa179bf12
-
SHA512
6fa023b96a5e49e5da1de248001b039d3397ee2e1867c167cc62d2a795c24eed7b69776b6673c9ca76571767c4230f19579e14c7466355da0039a52109abed31
-
SSDEEP
49152:6Af+Z7lUfrb/T4vO90dL3BmAFd4A64nsfJcQrXFdmS7KMQqangxlE9/XjIYUAbcg:3JPzGnUSfTjKEBc+
Behavioral task
behavioral1
Sample
linux_amd64.elf
Resource
ubuntu2004-amd64-20250410-en
Malware Config
Extracted
kaiji
2.59.151.111:8080
Targets
-
-
Target
linux_amd64.elf
-
Size
5.2MB
-
MD5
c4e724e0dc8ffca84df77d1880e3fec2
-
SHA1
700f978d0bb329991f18d5859c9a2d4e22b44a62
-
SHA256
dfb97975c5aa62dcf0c1e0dbe9ff6e9ed9662dc1703e701112f5b1bfa179bf12
-
SHA512
6fa023b96a5e49e5da1de248001b039d3397ee2e1867c167cc62d2a795c24eed7b69776b6673c9ca76571767c4230f19579e14c7466355da0039a52109abed31
-
SSDEEP
49152:6Af+Z7lUfrb/T4vO90dL3BmAFd4A64nsfJcQrXFdmS7KMQqangxlE9/XjIYUAbcg:3JPzGnUSfTjKEBc+
-
Renames multiple (1156) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1