General

  • Target

    linux_arm7.elf

  • Size

    2.0MB

  • Sample

    250412-w69kxazvfw

  • MD5

    66f9a83ee3a8733a72c92e2def89abd1

  • SHA1

    96f5a7e45b45e32bc68c01ed28fad1e09459d39b

  • SHA256

    5f657d55424d0999ae5185ddba297d2466611122896e52be7f42e7da914f7c05

  • SHA512

    aa39aedf7e80b9ceca0edf7a1028f59b139ddbbfdf208dbedd4382ccdbb41f806175a0948494deebcbc3571a2c3ada6a5e5b8b001e62013b562dbdf99931fd9f

  • SSDEEP

    24576:gNwGGRggwEGpD5IaZIJzIDgliOAMUh1Rskiq1zpQHCaRU7axVL0rK6k3dVh/cviW:VrcNoLd3z82T16

Malware Config

Extracted

Family

kaiji

C2

aresweb.456789456.xyz:12345

Targets

    • Target

      linux_arm7.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16
