General

  • Target

    0c1c800bbbce56afc46ceccc33b8e703d6f43673c92c07a43d2e980d0e427bde.elf

  • Size

    5.0MB

  • Sample

    241101-cn75kstphs

  • MD5

    248846ad88fdaccddece36b05811a576

  • SHA1

    2dac57a664c60e1dbe1b51bd75b74ab7980bff30

  • SHA256

    0c1c800bbbce56afc46ceccc33b8e703d6f43673c92c07a43d2e980d0e427bde

  • SHA512

    0923b7b888aa9e15cff490093f2b626ed864e11cd1b31dc6e52b633dc1a054e2eb211b96a033ecbe9455ce93469ffa625037125e20ad400e619188ab766e898e

  • SSDEEP

    49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNNp9hW16klbU6V:E33GlbU8FwmzzRDZ9maqRV

Malware Config

Extracted

Family

kaiji

C2

78789.dns.army:808

Targets

    • Target

      0c1c800bbbce56afc46ceccc33b8e703d6f43673c92c07a43d2e980d0e427bde.elf

    • Size

      5.0MB

    • MD5

      248846ad88fdaccddece36b05811a576

    • SHA1

      2dac57a664c60e1dbe1b51bd75b74ab7980bff30

    • SHA256

      0c1c800bbbce56afc46ceccc33b8e703d6f43673c92c07a43d2e980d0e427bde

    • SHA512

      0923b7b888aa9e15cff490093f2b626ed864e11cd1b31dc6e52b633dc1a054e2eb211b96a033ecbe9455ce93469ffa625037125e20ad400e619188ab766e898e

    • SSDEEP

      49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNNp9hW16klbU6V:E33GlbU8FwmzzRDZ9maqRV

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks