General
-
Target
7404e10435af30c30e192c2a02c2a2d4.bin
-
Size
2.2MB
-
Sample
241029-btevjszkgj
-
MD5
f22393bf8652236d072848bb336b1473
-
SHA1
969689adee63406ce4b5df3be6b0d7cedfb1c533
-
SHA256
4a1c05239915cc73f0831a116da751d417672293e9a2fcd62f37ed4d033b6a4a
-
SHA512
07bf507e234838690c9f1b08391323294fbcc7e8f2bccc0ac4b99f5d2aa32a3d5cf53103933c04398969f083e951431900e302f094b4c9df7803724884460c6f
-
SSDEEP
49152:Jg2kXfkG73mPt39QHoYTagF4TmdZS5gK24F:K2Vi259QHoYTaTmdZsFF
Behavioral task
behavioral1
Sample
aebdf73b18bc332d45cdc3b9f854eca40d17135bdf40a889fa352ce53383afa1.elf
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
kaiji
154.12.82.11:808
Targets
-
-
Target
aebdf73b18bc332d45cdc3b9f854eca40d17135bdf40a889fa352ce53383afa1.elf
-
Size
5.2MB
-
MD5
7404e10435af30c30e192c2a02c2a2d4
-
SHA1
471de41da156ab887bb9471716e1bd03e31a9648
-
SHA256
aebdf73b18bc332d45cdc3b9f854eca40d17135bdf40a889fa352ce53383afa1
-
SHA512
e5c68b44723f28aaa70c903e3ccbdf0f4a4d88a00e5aa41a46dcc7ac26b408232f95cedaab1f30bb07ce7f6ef523af3575f1df3dbc1796e11ce8f1201c02f6d1
-
SSDEEP
49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1L:b2ONLBzSxtST7ElHz
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1