General

  • Target

    linux_386.elf

  • Size

    5.0MB

  • Sample

    241104-sn192a1hrf

  • MD5

    70a5c3d8f1090bca95a681e493ed4bd7

  • SHA1

    aed4d2980a588c86aee6d12c4d598fb76a62e609

  • SHA256

    0b3a333c1f4c6802a71f9cebe9d106537c92dc0bd9ed125de41eba9af5b015c1

  • SHA512

    3cf26302247eea7dd3312f5ff5504e188dec58698c62c0236ed7f45de54bc235d11da9259b4daa775c954eb54ab9d5201962e91dc67eb49acee6fc560d0d8111

  • SSDEEP

    49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uN8p9hW16klbU6V:E33GlbU8FwmzzRDZ9mXqRV

Malware Config

Extracted

Family

kaiji

C2

78789.dns.army:7850
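The extracted config gives only a hostname and a port, so a useful network check is to pivot from the DNS resolution to the connection rather than alerting on port 7850 alone. The script below is an added example, not part of the sandbox report: it runs over constructed resolver and firewall log lines (the line format, timestamps and addresses are all invented for the example) and returns the lines that resolve the C2 name and the connections that reach a resolved address on the C2 port.

```python
import re

# C2 extracted by the sandbox from this sample: a hostname and a port. The
# report gives no resolved IP, so the connection check below pivots on the
# address the name resolved to in the DNS log rather than on the port alone.
C2_HOST = "78789.dns.army"
C2_PORT = 7850

# Constructed log lines for the example (not from the report): a resolver log
# that records answers, and a firewall connection log.
SAMPLE_DNS_LOG = [
    "2024-11-04T12:00:01Z client=10.0.0.5 query=ssl.example.org. type=A answer=198.51.100.7",
    "2024-11-04T12:00:05Z client=10.0.0.5 query=78789.DNS.ARMY. type=A answer=203.0.113.10",
    "2024-11-04T12:00:09Z client=10.0.0.6 query=cdn.example.net. type=A answer=198.51.100.9",
]
SAMPLE_CONN_LOG = [
    "2024-11-04T12:00:06Z src=10.0.0.5:51234 dst=203.0.113.10:7850 proto=tcp",
    "2024-11-04T12:00:07Z src=10.0.0.5:51235 dst=198.51.100.7:443 proto=tcp",
    "2024-11-04T12:00:08Z src=10.0.0.6:40001 dst=198.51.100.9:7850 proto=tcp",
]

DNS_RE = re.compile(r"query=(?P<name>\S+)\s.*?answer=(?P<answer>[\d.]+)")
CONN_RE = re.compile(r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<port>\d+)")


def normalize(name: str) -> str:
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def c2_resolutions(dns_lines):
    """Lines that resolve the C2 hostname, plus the set of answers returned."""
    hits, resolved = [], set()
    for line in dns_lines:
        m = DNS_RE.search(line)
        if m and normalize(m.group("name")) == C2_HOST:
            hits.append(line)
            resolved.add(m.group("answer"))
    return hits, resolved


def c2_connections(conn_lines, resolved_ips):
    """Connections to an IP the C2 name resolved to, on the C2 port.

    Matching on the port by itself would flag any service on 7850; requiring
    the destination to be one of the resolved addresses keeps the match tied
    to the extracted config."""
    out = []
    for line in conn_lines:
        m = CONN_RE.search(line)
        if m and m.group("dst") in resolved_ips and int(m.group("port")) == C2_PORT:
            out.append(line)
    return out


def ioc_matches(dns_lines, conn_lines):
    """Run both checks and return the DNS hits, resolved IPs and connection hits."""
    dns_hits, resolved = c2_resolutions(dns_lines)
    return {
        "dns": dns_hits,
        "resolved": resolved,
        "conn": c2_connections(conn_lines, resolved),
    }


if __name__ == "__main__":
    for kind, lines in ioc_matches(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG).items():
        print(kind, lines)
```

The third connection line goes to port 7850 on an unrelated address and is deliberately not flagged; if resolver logs are not available, the same correlation can be done against whatever address the hostname currently resolves to, with the caveat that dynamic DNS names such as this one change.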

Targets

    • Target

      linux_386.elf

    • Size

      5.0MB

    • MD5

      70a5c3d8f1090bca95a681e493ed4bd7

    • SHA1

      aed4d2980a588c86aee6d12c4d598fb76a62e609

    • SHA256

      0b3a333c1f4c6802a71f9cebe9d106537c92dc0bd9ed125de41eba9af5b015c1

    • SHA512

      3cf26302247eea7dd3312f5ff5504e188dec58698c62c0236ed7f45de54bc235d11da9259b4daa775c954eb54ab9d5201962e91dc67eb49acee6fc560d0d8111

    • SSDEEP

      49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uN8p9hW16klbU6V:E33GlbU8FwmzzRDZ9mXqRV

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

Malware such as Mirai disables or modifies the hardware watchdog so that it cannot reboot an infected system when the malware hogs resources.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script
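The signatures above name the persistence mechanisms (cron, init.d, the user bin folder, the Bash startup script, the watchdog) but not the paths involved. The script below is an added host check, not part of the sandbox report or of any triage tool: given a filesystem root, it hashes files in the bin folders against the SHA256 listed above, looks for cron, init.d and shell startup lines that reference any matching binary, and lists processes holding /dev/watchdog open via /proc. The concrete paths and the /proc layout are assumptions about a standard Linux host; the `root` parameter lets it run against a mounted disk image or a test fixture instead of the live system.

```python
import hashlib
import os
from pathlib import Path

# SHA256 of the sample from the report above.
SAMPLE_SHA256 = "0b3a333c1f4c6802a71f9cebe9d106537c92dc0bd9ed125de41eba9af5b015c1"

# Where the signatures say the sample persists. The report names the
# mechanisms; these paths are the usual Linux locations and are an assumption.
CRON_PATHS = ["etc/crontab", "etc/cron.d", "var/spool/cron", "var/spool/cron/crontabs"]
INIT_PATHS = ["etc/init.d", "etc/rc.local"]
SHELL_STARTUP = ["etc/profile", "etc/bash.bashrc", "root/.bashrc", "root/.profile"]
BIN_DIRS = ["bin", "usr/bin", "usr/local/bin"]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_files(root: Path, rel_paths):
    """Yield regular files under root/<rel> for each rel that exists (file or dir)."""
    for rel in rel_paths:
        p = root / rel
        if p.is_file():
            yield p
        elif p.is_dir():
            for dirpath, _, names in os.walk(p):
                for n in names:
                    f = Path(dirpath) / n
                    if f.is_file() and not f.is_symlink():
                        yield f


def find_known_binaries(root: Path, known_hashes=frozenset({SAMPLE_SHA256})):
    """Paths under the bin folders whose SHA256 is one of known_hashes."""
    found = []
    for f in iter_files(root, BIN_DIRS):
        try:
            if sha256_file(f) in known_hashes:
                found.append(str(f))
        except OSError:
            continue
    return sorted(found)


def find_persistence_refs(root: Path, binaries):
    """(file, line) pairs in cron, init.d and shell startup files that reference
    a known binary by the path it has on the host (fixture root stripped)."""
    names = {"/" + str(Path(b).relative_to(root)) for b in binaries}
    hits = []
    for f in iter_files(root, CRON_PATHS + INIT_PATHS + SHELL_STARTUP):
        try:
            text = f.read_text(errors="replace")
        except OSError:
            continue
        for line in text.splitlines():
            if any(n in line for n in names):
                hits.append((str(f.relative_to(root)), line.strip()))
    return hits


def watchdog_holders(root: Path):
    """PIDs with an open descriptor on /dev/watchdog, read from <root>/proc/<pid>/fd."""
    pids = []
    proc = root / "proc"
    if not proc.is_dir():
        return pids
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            for fd in (entry / "fd").iterdir():
                try:
                    target = os.readlink(fd)
                except OSError:
                    continue
                if target.startswith("/dev/watchdog"):
                    pids.append(int(entry.name))
                    break
        except OSError:  # process exited or fd dir not readable
            continue
    return sorted(pids)


def hunt(root="/", known_hashes=frozenset({SAMPLE_SHA256})):
    root = Path(root)
    binaries = find_known_binaries(root, known_hashes)
    return {
        "binaries": binaries,
        "persistence": find_persistence_refs(root, binaries),
        "watchdog_pids": watchdog_holders(root),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(hunt(), indent=2))
```

Run it as root on the suspect host, or pass the mount point of an image taken from it. A hash match is the strong signal; the persistence and watchdog checks are there to show where the binary was hooked in and which process holds the watchdog, since a legitimate watchdog daemon also opens /dev/watchdog.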
