General

  • Target

    9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd.elf

  • Size

    2.0MB

  • Sample

    241103-d2wt5stfqn

  • MD5

    a3ae5faa01a7db12ab76104d756cffe4

  • SHA1

    976dcf62f67e5acc7dd97b81530e226532323104

  • SHA256

    9c176e91a4175ef8e14a6408ab340439f6eb0f3d12c0c38d34bfdc44e8e278cd

  • SHA512

    5b1b9bea5dfcffbc15594b5d6f035c5b435a7af6e1d99fe9b7357a4a6c34f17b3216be60cb6b5eee802c772863ea971ed70090fd7d357023aacb05aac8771654

  • SSDEEP

    24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rKUk3dVh/cviW:VrcNoLn3z82T16

Malware Config

Extracted

  • Family

    kaiji

  • C2

    ss.us-tv.top:1930

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script
