General

  • Target

    linux_amd64.elf

  • Size

    1.9MB

  • Sample

    250420-prtgtayms7

  • MD5

    1b997cb1ccb03e54aedb44bff4e0c6d2

  • SHA1

    3eaded110dc8cd5cb70f5d4ad732b6457793b4a0

  • SHA256

    608886eb32bec6a981ea010d24643a957f0840c0b499f143e03b3e7333462d1b

  • SHA512

    ad8aeeb77ce86b07d84e51b2adb1ba1f2c6798b1bb3bc3a34cd5aad1754d196380489abc659c3cb262497cb0c37472209bd05bb079ac37451533a28d4859c78d

  • SSDEEP

    49152:PTcFMvG6RMCg9orb/T9vO90d7HjmAFd4A64nsfJcFaJysrqftB+g2vUqHY/Wz1:wKbocwr

Malware Config

Extracted

Family

kaiji

C2

154.201.91.52:888

Targets

    • Target

      linux_amd64.elf

    • Size

      1.9MB

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies a system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16

Tasks