General
-
Target
f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7.elf
-
Size
5.2MB
-
Sample
241105-e53brstpe1
-
MD5
bae9a695f6fcc69154e5a452076d6b94
-
SHA1
f96737515620f86b11767587601d93b4ebbddcdb
-
SHA256
f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7
-
SHA512
7c4169fa9d1567a4850566fcea0eb6671f9213d2ebcdd384192f5fcf4ea52f0e6ac63a186ce698e47bec737a0dcbfaed833a2e95f054c7a952905cf0093add29
-
SSDEEP
49152:7Xa6xzZWhrb/T4vO90dL3BmAFd4A64nsfJPJ6TdXnT9aqeJaz2xNkapDnYRQoj1I:b2ONLBzSxtSTKElHz
Behavioral task
behavioral1
Sample
f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7.elf
Resource
ubuntu2204-amd64-20240729-en
Malware Config
Extracted
kaiji
78789.dns.army:7850
Targets
-
Target
f0b064eb06f164b0d61e609930be5b50e15963ae5369dd9594c50174d9951dc7.elf
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
XDG Autostart Entries (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Create or Modify System Process (1)
Systemd Service (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)
Scheduled Task/Job (1)
Cron (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
XDG Autostart Entries (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Create or Modify System Process (1)
Systemd Service (1)
Event Triggered Execution (1)
Unix Shell Configuration Modification (1)
Hijack Execution Flow (1)
Path Interception by PATH Environment Variable (1)
Scheduled Task/Job (1)
Cron (1)