General

  • Target

    7404e10435af30c30e192c2a02c2a2d4.bin

  • Size

    2.2MB

  • Sample

    241029-btevjszkgj

  • MD5

    f22393bf8652236d072848bb336b1473

  • SHA1

    969689adee63406ce4b5df3be6b0d7cedfb1c533

  • SHA256

    4a1c05239915cc73f0831a116da751d417672293e9a2fcd62f37ed4d033b6a4a

  • SHA512

    07bf507e234838690c9f1b08391323294fbcc7e8f2bccc0ac4b99f5d2aa32a3d5cf53103933c04398969f083e951431900e302f094b4c9df7803724884460c6f

  • SSDEEP

    49152:Jg2kXfkG73mPt39QHoYTagF4TmdZS5gK24F:K2Vi259QHoYTaTmdZsFF

Malware Config

Extracted

Family

kaiji

C2

154.12.82.11:808

Targets

    • Target

      aebdf73b18bc332d45cdc3b9f854eca40d17135bdf40a889fa352ce53383afa1.elf

    • Size

      5.2MB

    • MD5

      7404e10435af30c30e192c2a02c2a2d4

    • SHA1

      471de41da156ab887bb9471716e1bd03e31a9648

    • SHA256

      aebdf73b18bc332d45cdc3b9f854eca40d17135bdf40a889fa352ce53383afa1

    • SHA512

      e5c68b44723f28aaa70c903e3ccbdf0f4a4d88a00e5aa41a46dcc7ac26b408232f95cedaab1f30bb07ce7f6ef523af3575f1df3dbc1796e11ce8f1201c02f6d1

    • SSDEEP

      49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1L:b2ONLBzSxtST7ElHz

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies a system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks