General

  • Target

    linux_386.elf

  • Size

    5.0MB

  • Sample

    241110-gva6mstrdp

  • MD5

    4147e50daff23cbea5cf1faabb73b576

  • SHA1

    438816933c155b9f3d7e3b5758715b0e32f4cff6

  • SHA256

    1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4

  • SHA512

    92ec9f9f0230566511ee7ddaeb96c4423010299ac2f3318b49174a437c87a338fa354409ebc9b6fe242f0da0b112661a241260043c72c4f9ccf53e0832b4ce9e

  • SSDEEP

    49152:aIJ8Ou+wh2zUVtN9vEaBPC3uIdlLloDH8QEpOGr6KpZd1I1J:ayxyl/N9vROqci

Malware Config

Extracted

Family

kaiji

C2

38.55.251.57:8899

Targets

    • Target

      linux_386.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog, typically by opening /dev/watchdog (or /dev/misc/watchdog) and issuing a WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD, so the device is not rebooted if the infection hangs it.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule and is commonly abused for malware persistence.

    • Creates/modifies environment variables

      Setting or modifying environment variables (for example PATH or LD_PRELOAD in shell start-up files) is a common persistence and hijacking technique.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies init.d

      Adds or modifies a System V init script, likely for persistence.

    • Modifies systemd

      Adds or modifies systemd unit files, likely to achieve persistence.

    • Writes file to user bin folder (e.g. /usr/bin or /usr/local/bin)

    • Modifies Bash startup script
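
The following triage script is an added example, not part of this report or of the Kaiji sample. It walks the persistence locations behind the tags above (cron, init.d, systemd, Bash start-up files and the user bin directories) looking for the C2 address and SHA256 listed in this report, and ties any persistence entry to a binary whose hash matched. It runs against a constructed mini filesystem: the unit name example.service, the binary name example-dropped and all fixture contents are assumptions for illustration, and the stand-in binary's hash is added to the watch-list only because the real sample is not present. Point triage() at the root of a mounted disk image to use it for real.

```python
"""Offline triage of Linux persistence locations for the Kaiji IOCs in this report.

Added example, not part of the sandbox report. Fixture paths and names are constructed.
"""
import hashlib
import os
import re
import tempfile

# Indicators copied from the report above.
C2_HOST, C2_PORT = "38.55.251.57", 8899
PAYLOAD_SHA256 = "1805a01f3d3ed529079daf427941f35ac1a808da1c70f416dc4bc0c2068c24a4"

# Locations behind the behaviour tags (cron, init.d, systemd, Bash start-up, user bin),
# relative to the root being inspected (a live host's "/" or a mounted disk image).
PERSISTENCE_PATHS = [
    "etc/crontab", "etc/cron.d", "var/spool/cron",
    "etc/init.d", "etc/systemd/system", "lib/systemd/system",
    "etc/profile", "etc/profile.d", "etc/bash.bashrc",
    "root/.bashrc", "root/.bash_profile", "root/.profile",
]
BIN_DIRS = ["bin", "usr/bin", "usr/local/bin"]
C2_RE = re.compile(re.escape(C2_HOST) + r"(?::%d)?" % C2_PORT)


def iter_files(root, rel_paths):
    """Yield every regular file under the given paths, each at most once."""
    seen = set()
    for rel in rel_paths:
        top = os.path.join(root, rel)
        candidates = [top] if os.path.isfile(top) else (
            os.path.join(d, n) for d, _, names in os.walk(top) for n in names)
        for path in candidates:
            real = os.path.realpath(path)
            if real not in seen and os.path.isfile(real):
                seen.add(real)
                yield path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root, known_hashes=frozenset({PAYLOAD_SHA256})):
    """Return sorted (relative path, reason) findings.

    1. Hash every file in the bin directories against known payload hashes.
    2. Search persistence files for the C2 address and for launches of any
       binary flagged in step 1, which ties the persistence entry to the payload.
    """
    findings = []
    flagged = set()
    for path in iter_files(root, BIN_DIRS):
        if sha256_file(path) in known_hashes:
            rel = os.path.relpath(path, root)
            findings.append((rel, "sha256 matches known payload"))
            flagged.add("/" + rel)
    for path in iter_files(root, PERSISTENCE_PATHS):
        rel = os.path.relpath(path, root)
        with open(path, "rb") as f:
            text = f.read().decode("utf-8", "replace")
        if C2_RE.search(text):
            findings.append((rel, "references C2 %s" % C2_HOST))
        for binary in flagged:
            if binary in text:
                findings.append((rel, "launches flagged binary %s" % binary))
    return sorted(findings)


def build_fixture():
    """Constructed mini filesystem: one clean unit, one unit launching a stand-in
    dropped binary, and a crontab doing the same with the C2 on its command line."""
    root = tempfile.mkdtemp()
    files = {
        "etc/systemd/system/clean.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
        "etc/systemd/system/example.service": "[Service]\nExecStart=/usr/bin/example-dropped\n",
        "etc/crontab": "*/5 * * * * root /usr/bin/example-dropped -c %s:%d\n" % (C2_HOST, C2_PORT),
        "root/.bashrc": "export PATH=/usr/local/bin:$PATH\n",
        "usr/bin/example-dropped": "constructed stand-in for the dropped ELF\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(body)
    return root


def demo():
    root = build_fixture()
    # The real payload is not in the fixture, so the stand-in's hash joins the
    # report's SHA256 on the watch-list to exercise the hash-to-persistence link.
    known = {PAYLOAD_SHA256, sha256_file(os.path.join(root, "usr/bin/example-dropped"))}
    return triage(root, known)


if __name__ == "__main__":
    for rel, reason in demo():
        print("%-40s %s" % (rel, reason))
```

With only the report's hash on the watch-list, the script still flags the crontab through the C2 string alone; once a bin-directory file matches a known hash, every unit, init script or cron entry that launches it is reported as well, which is the link an analyst needs to remove persistence together with the payload.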
