kaiji | 1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb

Analysis

max time kernel
28s
max time network
33s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
21/03/2025, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf
Size

5.6MB
MD5

1bc524efea7982b3b6c8fca7c30286ec
SHA1

83021a81635d966164f19c8bfad1aeafd22f406b
SHA256

1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb
SHA512

4f5dd02820a316ab77dfb69d42265d4398af846f9b59c64e46de57c9bf05fd8a94208027008e1367641d052321de17c8e6874c722f24aa0e5db84443cd35fe4f
SSDEEP

49152:+RxVVRFMTwGupkYzfgh7rxQ2USaU85Jbq1rQcR6VYv0VF1:

Score

10^/10

kaiji discovery

Malware Config

Signatures

Kaiji 1 IoCs

Kaiji payload

resource	yara_rule
behavioral1/files/fstream-1.dat	Kaiji

Kaiji family
kaiji

kaiji_chaosbot 1 IoCs

Chaos-variant payload

resource	yara_rule
behavioral1/files/fstream-1.dat	kaiji_chaosbot

Executes dropped EXE 1 IoCs

ioc	pid	Process
/etc/32678	703	sh

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf

/tmp/1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf
/tmp/1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf
1⤵
- Enumerates kernel/hardware configuration
PID:690
- /bin/sh
  sh -c "/etc/32678&"
  2⤵
  - Executes dropped EXE
  PID:701
- /usr/sbin/service
  service crond start
  2⤵
  PID:705
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:707
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:718
- /tmp/1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf
  /tmp/1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb.elf " "
  2⤵
  - Enumerates kernel/hardware configuration
  PID:706
- - /usr/sbin/update-rc.d
    update-rc.d linux_kill defaults
    3⤵
    PID:712

/etc/32678
/etc/32678
1⤵
PID:703
- /bin/sleep
  sleep 60
  2⤵
  PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/32678

Filesize
61B

MD5
768eaf287796da19e1cf5e0b2fb1b161

SHA1
6a1ce2ee5ccc86d1f33806feb14547b35290df2a

SHA256
1d22620dfb2a6715e5d745aed5cf841ede0e75e1747f12b9b925a2d346bc7ecb

SHA512
e6af30c9df4f7f47696069511e64ecbc8e841629d692ee4056503df3533fb7a7a74960698826260355e1dba7b6c562482a27a39bb51a4237473ce4b68472d620

Download Submit
/etc/id.services.conf

Filesize
5.6MB

MD5
1bc524efea7982b3b6c8fca7c30286ec

SHA1
83021a81635d966164f19c8bfad1aeafd22f406b

SHA256
1ab8a8d49e1854d00ab7b67267eb40c4f96bfbfb5dd80dbed89c0fea0cd226fb

SHA512
4f5dd02820a316ab77dfb69d42265d4398af846f9b59c64e46de57c9bf05fd8a94208027008e1367641d052321de17c8e6874c722f24aa0e5db84443cd35fe4f

Download Submit
/etc/init.d/linux_kill

Filesize
189B

MD5
3909975f7cc0d1121c1819b800069f31

SHA1
3e68de708c2e6c40fab6794afdee3104e5590189

SHA256
6876dac71f13a068afb863d257134275f2edba43b2acaf4924fabf97c079070b

SHA512
50600cceeb03b05f45ae61d890caee9f51ff390b6776930866e527e071d65d08241fc66673fd9b99d62fbc77d3c00fc3de4d7378cbc42f5daba5d83072b0906e

Download Submit