General

  • Target

    5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf.elf

  • Size

    2.0MB

  • Sample

    241103-dcawdawjhn

  • MD5

    790576a357429568ac84093b6f785f3a

  • SHA1

    b8a5de8ce8570856744717b9872afa7546c5a01e

  • SHA256

    5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf

  • SHA512

    245af8ba5b83069bb51d11735545dd72c9dafad667fc4ba3a2e19f9de254df8ce8ee21f003bfa2487553ffe4639a64a6aa729fe6e75d96345cf53c6bc43e500c

  • SSDEEP

    24576:JgCbFbDVZ7bVCj3ozPQPTUkrtQ05OYRWNOrdErF4ff1kRrxnyVhv8uofvsRWA1SH:VCWpuM2T1s

Malware Config

Extracted

Family

kaiji

C2

ss.us-tv.top:1930

Targets

    • Target

      5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf.elf

    • Size

      2.0MB

    • MD5

      790576a357429568ac84093b6f785f3a

    • SHA1

      b8a5de8ce8570856744717b9872afa7546c5a01e

    • SHA256

      5b1c5fca09994aa52e8e572d48c6569b04b531cd334f3e4d4e1fc2c3e77ce0cf

    • SHA512

      245af8ba5b83069bb51d11735545dd72c9dafad667fc4ba3a2e19f9de254df8ce8ee21f003bfa2487553ffe4639a64a6aa729fe6e75d96345cf53c6bc43e500c

    • SSDEEP

      24576:JgCbFbDVZ7bVCj3ozPQPTUkrtQ05OYRWNOrdErF4ff1kRrxnyVhv8uofvsRWA1SH:VCWpuM2T1s

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai disables the hardware watchdog (typically via /dev/watchdog) so that it cannot reboot the infected device.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Environment variables do not persist by themselves; set from a shell startup file (for example PATH or LD_PRELOAD) they are a common way to hook execution for persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script
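Turning the behaviours and the extracted C2 above into a host check, as an added example that is not part of the sandbox report: the script below scans cron, init.d and bash startup files under a root directory for entries that launch something from a world-writable path or a hidden file in a bin or home directory, and flags log lines that name the C2 host or destination port. Only the C2 host/port and the behaviour categories come from the report; the file locations, the suspicious-path pattern, the planted test tree and the log lines are constructed assumptions.

```python
import os
import re
import tempfile

# Indicators taken from the report; everything else in this block is assumed.
C2_HOST = "ss.us-tv.top"
C2_PORT = 1930

# Persistence locations matching the report's cron / init.d / bash startup
# behaviours, relative to a root so the scan can also run over a mounted image.
PERSISTENCE_FILES = ["etc/crontab", "etc/rc.local"]
PERSISTENCE_DIRS = ["etc/cron.d", "var/spool/cron/crontabs", "var/spool/cron", "etc/init.d"]
BASH_STARTUP = [".bashrc", ".bash_profile", ".profile"]

# Assumed tell: an entry that runs something from a world-writable dir or a
# hidden file under a bin or home directory (the "user bin folder" behaviour).
SUSPICIOUS_PATH = re.compile(
    r"(/tmp/|/dev/shm/|/var/tmp/|/usr/(?:local/)?bin/\.|/root/\.|/home/[^/]+/\.)"
)


def _scan_file(path):
    """Return (path, line_no, line) for non-comment lines hitting SUSPICIOUS_PATH."""
    hits = []
    try:
        with open(path, errors="replace") as fh:
            for no, line in enumerate(fh, 1):
                text = line.strip()
                if text and not text.startswith("#") and SUSPICIOUS_PATH.search(text):
                    hits.append((path, no, text))
    except OSError:  # missing file, or a directory where a file was expected
        pass
    return hits


def hunt_persistence(root="/"):
    """Walk the cron, init.d and bash startup locations under root."""
    hits = []
    for rel in PERSISTENCE_FILES:
        hits += _scan_file(os.path.join(root, rel))
    for rel in PERSISTENCE_DIRS:
        d = os.path.join(root, rel)
        if os.path.isdir(d):
            for name in sorted(os.listdir(d)):
                hits += _scan_file(os.path.join(d, name))
    homes = [os.path.join(root, "root")]
    home_dir = os.path.join(root, "home")
    if os.path.isdir(home_dir):
        homes += [os.path.join(home_dir, u) for u in sorted(os.listdir(home_dir))]
    for home in homes:
        for name in BASH_STARTUP:
            hits += _scan_file(os.path.join(home, name))
    return hits


DST = re.compile(r"->\s*(?P<host>[\w.-]+):(?P<port>\d+)")


def match_c2(lines):
    """Return (confidence, line) for log lines touching the report's C2.
    The hostname is a high-confidence hit; a destination port alone is low."""
    hits = []
    for line in lines:
        if C2_HOST in line:
            hits.append(("high", line))
            continue
        m = DST.search(line)
        if m and int(m.group("port")) == C2_PORT:
            hits.append(("low", line))
    return hits


def build_constructed_root():
    """Constructed test tree with planted entries; not real host data."""
    root = tempfile.mkdtemp(prefix="hunt-")
    files = {
        "etc/crontab": ("SHELL=/bin/sh\n# m h dom mon dow user command\n"
                        "17 * * * * root cd / && run-parts --report /etc/cron.hourly\n"
                        "* * * * * root /tmp/.x/bin.sh\n"),
        "etc/init.d/sysupdate": ("#!/bin/sh\n### BEGIN INIT INFO\n# Provides: sysupdate\n"
                                 "### END INIT INFO\n/usr/local/bin/.sys_update &\n"),
        "root/.bashrc": ("alias ls='ls --color=auto'\n"
                         "/root/.cache/.x/update >/dev/null 2>&1 &\n"),
        "home/alice/.profile": ("export PATH=$HOME/bin:$PATH\n"
                                "export LD_PRELOAD=/home/alice/.local/lib/x.so\n"),
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


# Constructed log lines (203.0.113.7 is a documentation address, not the real C2 IP).
SAMPLE_LOG = [
    "2024-11-03T12:00:01 dns query A ss.us-tv.top from 10.0.0.5",
    "2024-11-03T12:00:02 conn 10.0.0.5:48122 -> 203.0.113.7:1930 proto tcp",
    "2024-11-03T12:00:03 conn 10.0.0.5:48123 -> 10.0.0.9:443 proto tcp",
    "2024-11-03T12:00:04 conn 10.0.0.5:1930 -> 10.0.0.9:22 proto tcp",
]

if __name__ == "__main__":
    for hit in hunt_persistence(build_constructed_root()):
        print("persistence:", *hit)
    for hit in match_c2(SAMPLE_LOG):
        print("c2:", *hit)
```

Run `hunt_persistence("/")` on a live host or `hunt_persistence("/mnt/image")` on a mounted disk image; the port-only match in `match_c2` is deliberately reported as low confidence because a destination port is a weak indicator on its own, while the hostname is specific to this sample's configuration.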

MITRE ATT&CK Enterprise v15

Tasks