General

  • Target

    a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e.elf

  • Size

    1.8MB

  • Sample

    241103-r4lzlsxdpm

  • MD5

    3b0cc5dd65238abdc55e9c47d0d8660f

  • SHA1

    81d42740e04d5378d96c1a8ebd7de21863225dc4

  • SHA256

    a65f1664ac6666e1e1b324464d5a3a125c89764940a022d056b9a2d65ad5ed0e

  • SHA512

    dbd19679e394a0ca56742f6b29fb8fc15adb0bfa6f714250b788a9b53199a1a74c9c39a94ea13fc5b06b846cc93c86f56ccdf34ffd1ad8cd09e826cf513f99df

  • SSDEEP

    24576:ae9ufJvk4gQjMNRfktnsIXvZFyD9i+MPCIxyuzNqssZXJj4bdYVVMtIwWz1v:WYMnwRO4ssPcd5Wz1

Malware Config

Extracted

Family

kaiji

C2

ss.us-tv.top:1930

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks