General
-
Target
linux_amd64.elf
-
Size
5.2MB
-
Sample
241031-2tmhhavbpk
-
MD5
6d3f428719e3dc48f73dabe695677ce3
-
SHA1
682a189b9e804ba0a12e6cb20593abe83d80b55e
-
SHA256
32a02c701513fbf1bbfd9aa5671fcacd84a5d1f5ddde35b1ebb7f8b6babaa145
-
SHA512
6dc5b2e3e67d4871192cf7762fcde73e6560208f1040458738286b8d7e5d446a128712a2bf6f8a9403d95cb8001f78e7f126df95fd911176e84ad633e390b891
-
SSDEEP
49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1h:b2ONLBzSxtSTZElHz
Behavioral task
behavioral1
Sample
linux_amd64.elf
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
kaiji
78789.dns.army:808
Targets
-
-
Target
linux_amd64.elf
-
Size
5.2MB
-
MD5
6d3f428719e3dc48f73dabe695677ce3
-
SHA1
682a189b9e804ba0a12e6cb20593abe83d80b55e
-
SHA256
32a02c701513fbf1bbfd9aa5671fcacd84a5d1f5ddde35b1ebb7f8b6babaa145
-
SHA512
6dc5b2e3e67d4871192cf7762fcde73e6560208f1040458738286b8d7e5d446a128712a2bf6f8a9403d95cb8001f78e7f126df95fd911176e84ad633e390b891
-
SSDEEP
49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1h:b2ONLBzSxtSTZElHz
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1