General

  • Target

    1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226.elf

  • Size

    5.0MB

  • Sample

    241109-cqgemsvfnh

  • MD5

    1e4c4461dfa81b6076bdf0a9bc00a74d

  • SHA1

    58aa493d44d447167836dfdaf2c5962a8ff1485a

  • SHA256

    1d5e200772626aadffab6b6cd0d299bb6cf77cbbe5be20fddb79d69d93efc226

  • SHA512

    12c77d111f1e67fd8107cb384e3c7ec2531965e76f774e8b68d5b77d52ace9085eedd001fb5b3531340c2ed2033e253701a3daf6be55c6f3f03f9488760340aa

  • SSDEEP

    49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNZp9hW16klbU6V:E33GlbU8FwmzzRDZ9m2qRV

Malware Config

Extracted

Family

kaiji

C2

154.201.84.237:7850

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks