General

  • Target

    linux_amd64.elf

  • Size

    1.9MB

  • Sample

    250412-w6qssszvd1

  • MD5

    49b774a18bda406027264124ce697f2c

  • SHA1

    91d32e9895e67590d7fdd1ae4b366903e5b3fac0

  • SHA256

    bbe51e64bbd5c6c1fa9527edf487ac64beff5abc1e8e2daab1bb2a55b4457bb4

  • SHA512

    4e91ddead22e68f9e0e7053a8611f5d92e87dff75ed6d0db56a197fb5d9fe1da71448ae20bdd1d95483bc82cbc881b058bf8097f86fde91457f4e95a107ef153

  • SSDEEP

    49152:XXPVKrbvGOQLeS7rb/TCvO90d7HjmAFd4A64nsfJrkaani38T4B+g2vUqHOErz1:tPXZz

Malware Config

Extracted

Family

kaiji

C2

aresweb.456789456.xyz:12345

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely for persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script
