General

  • Target

    linux_arm7.elf

  • Size

    5.1MB

  • Sample

    241108-lcla4ssldr

  • MD5

    7c906062c4cbd0ca1eb795a1adcd48bb

  • SHA1

    8253d4e0fa13fe8a05961ffbf8e1245c9080556c

  • SHA256

    ff466605516a4e2b5b2baf5f98efff8178892a96d9043a77b29088953ea3f12a

  • SHA512

    37f969c03ec5c07e3d4facd241b0c5d808570f6535fb785aee85352d849278fdf98a091b5234fc104fd24251f6d6e79c19c4df53ff2079a4ec7c261255978b1c

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvV0rzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqG

Malware Config

Extracted

Family

kaiji

C2

154.201.84.237:7850

Targets

    • Target

      linux_arm7.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks