General

  • Target

    f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7.elf

  • Size

    5.2MB

  • Sample

    241105-e53brstpe1

  • MD5

    bae9a695f6fcc69154e5a452076d6b94

  • SHA1

    f96737515620f86b11767587601d93b4ebbddcdb

  • SHA256

    f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7

  • SHA512

    7c4169fa9d1567a4850566fcea0eb6671f9213d2ebcdd384192f5fcf4ea52f0e6ac63a186ce698e47bec737a0dcbfaed833a2e95f054c7a952905cf0093add29

  • SSDEEP

    49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1I:b2ONLBzSxtSTKElHz

Malware Config

Extracted

Family

kaiji

C2

78789.dns.army:7850

Targets

    • Target

      f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7.elf

    • Size

      5.2MB

    • MD5

      bae9a695f6fcc69154e5a452076d6b94

    • SHA1

      f96737515620f86b11767587601d93b4ebbddcdb

    • SHA256

      f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7

    • SHA512

      7c4169fa9d1567a4850566fcea0eb6671f9213d2ebcdd384192f5fcf4ea52f0e6ac63a186ce698e47bec737a0dcbfaed833a2e95f054c7a952905cf0093add29

    • SSDEEP

      49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1I:b2ONLBzSxtSTKElHz

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies a system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks