General
-
Target
linux_386.elf
-
Size
5.0MB
-
Sample
241104-sn192a1hrf
-
MD5
70a5c3d8f1090bca95a681e493ed4bd7
-
SHA1
aed4d2980a588c86aee6d12c4d598fb76a62e609
-
SHA256
0b3a333c1f4c6802a71f9cebe9d106537c92dc0bd9ed125de41eba9af5b015c1
-
SHA512
3cf26302247eea7dd3312f5ff5504e188dec58698c62c0236ed7f45de54bc235d11da9259b4daa775c954eb54ab9d5201962e91dc67eb49acee6fc560d0d8111
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uN8p9hW16klbU6V:E33GlbU8FwmzzRDZ9mXqRV
Behavioral task
behavioral1
Sample
linux_386.elf
Resource
ubuntu1804-amd64-20240729-en
Malware Config
Extracted
kaiji
78789.dns.army:7850
Targets
-
-
Target
linux_386.elf
-
Size
5.0MB
-
MD5
70a5c3d8f1090bca95a681e493ed4bd7
-
SHA1
aed4d2980a588c86aee6d12c4d598fb76a62e609
-
SHA256
0b3a333c1f4c6802a71f9cebe9d106537c92dc0bd9ed125de41eba9af5b015c1
-
SHA512
3cf26302247eea7dd3312f5ff5504e188dec58698c62c0236ed7f45de54bc235d11da9259b4daa775c954eb54ab9d5201962e91dc67eb49acee6fc560d0d8111
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uN8p9hW16klbU6V:E33GlbU8FwmzzRDZ9mXqRV
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2Boot or Logon Initialization Scripts
1RC Scripts
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1