General
-
Target
linux_amd64.elf
-
Size
1.9MB
-
Sample
250420-prtgtayms7
-
MD5
1b997cb1ccb03e54aedb44bff4e0c6d2
-
SHA1
3eaded110dc8cd5cb70f5d4ad732b6457793b4a0
-
SHA256
608886eb32bec6a981ea010d24643a957f0840c0b499f143e03b3e7333462d1b
-
SHA512
ad8aeeb77ce86b07d84e51b2adb1ba1f2c6798b1bb3bc3a34cd5aad1754d196380489abc659c3cb262497cb0c37472209bd05bb079ac37451533a28d4859c78d
-
SSDEEP
49152:PTcFMvG6RMCg9orb/T9vO90d7HjmAFd4A64nsfJcFaJysrqftB+g2vUqHY/Wz1:wKbocwr
Behavioral task
behavioral1
Sample
linux_amd64.elf
Resource
ubuntu2204-amd64-20250410-en
Malware Config
Extracted
kaiji
154.201.91.52:888
Targets
-
-
Target
linux_amd64.elf
-
Size
1.9MB
-
MD5
1b997cb1ccb03e54aedb44bff4e0c6d2
-
SHA1
3eaded110dc8cd5cb70f5d4ad732b6457793b4a0
-
SHA256
608886eb32bec6a981ea010d24643a957f0840c0b499f143e03b3e7333462d1b
-
SHA512
ad8aeeb77ce86b07d84e51b2adb1ba1f2c6798b1bb3bc3a34cd5aad1754d196380489abc659c3cb262497cb0c37472209bd05bb079ac37451533a28d4859c78d
-
SSDEEP
49152:PTcFMvG6RMCg9orb/T9vO90d7HjmAFd4A64nsfJcFaJysrqftB+g2vUqHY/Wz1:wKbocwr
-
Kaiji
Kaiji payload
-
Kaiji family
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1