General

  • Target

    linux_arm5.elf

  • Size

    5.1MB

  • Sample

    241108-lcgmxszemd

  • MD5

    7ae2bf2f9f14a7d12ddcabd35701ce5d

  • SHA1

    9322e6ec979fb4e065ca9570e8289fb8f82aabe0

  • SHA256

    aedf713c05a9a68bf13e0485a626a2ee064cb7579ecdfb23b4098fab55dd3f2e

  • SHA512

    3aff84a8ebd51c030f817e736a9eb338448b93996a90f16b9310d8ead490fe6fa10e2760b484bfc12b6a8469ed5a958e9ef44cb52ff6815b27a0231499b0989a

  • SSDEEP

    49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhr+lYfQMcU1F1:OKY3U+qRxQ3qK5M

Malware Config

Extracted

  • Family

    kaiji

  • C2

    154.201.84.237:7850

Targets

    • Target

      linux_arm5.elf

    • Size

      5.1MB

    • MD5

      7ae2bf2f9f14a7d12ddcabd35701ce5d

    • SHA1

      9322e6ec979fb4e065ca9570e8289fb8f82aabe0

    • SHA256

      aedf713c05a9a68bf13e0485a626a2ee064cb7579ecdfb23b4098fab55dd3f2e

    • SHA512

      3aff84a8ebd51c030f817e736a9eb338448b93996a90f16b9310d8ead490fe6fa10e2760b484bfc12b6a8469ed5a958e9ef44cb52ff6815b27a0231499b0989a

    • SSDEEP

      49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhr+lYfQMcU1F1:OKY3U+qRxQ3qK5M

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks