General
-
Target
1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226.elf
-
Size
5.0MB
-
Sample
241109-cqgemsvfnh
-
MD5
1e4c4461dfa81b6076bdf0a9bc00a74d
-
SHA1
58aa493d44d447167836dfdaf2c5962a8ff1485a
-
SHA256
1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226
-
SHA512
12c77d111f1e67fd8107cb384e3c7ec2531965e76f774e8b68d5b77d52ace9085eedd001fb5b3531340c2ed2033e253701a3daf6be55c6f3f03f9488760340aa
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNZp9hW16klbU6V:E33GlbU8FwmzzRDZ9m2qRV
Behavioral task
behavioral1
Sample
1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226.elf
Resource
ubuntu2204-amd64-20240729-en
Malware Config
Extracted
kaiji
154.201.84.237:7850
Targets
-
-
Target
1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226.elf
-
Size
5.0MB
-
MD5
1e4c4461dfa81b6076bdf0a9bc00a74d
-
SHA1
58aa493d44d447167836dfdaf2c5962a8ff1485a
-
SHA256
1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226
-
SHA512
12c77d111f1e67fd8107cb384e3c7ec2531965e76f774e8b68d5b77d52ace9085eedd001fb5b3531340c2ed2033e253701a3daf6be55c6f3f03f9488760340aa
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNZp9hW16klbU6V:E33GlbU8FwmzzRDZ9m2qRV
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1