General
-
Target
linux_386.elf
-
Size
5.0MB
-
Sample
250412-w6rebszjy8
-
MD5
dedd6442d9c7c2ff4c3d991b9893ac54
-
SHA1
150d7e82cc22fe592af3cea71bea1e16d0d1b463
-
SHA256
825388375483b83122494a60fa31f54273561d0ea617b370519b77996ca4b520
-
SHA512
9a2d690ccb0fda8151e0ef9476d4aae165a3d9b8fd16456a62900e1794a0532fa8a6b904e80adff45f09361e29aabb1be191fc30859dc8a34438c6b39daf74ff
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNap9hW16klbU6V:E33GlbU8FwmzzRDZ9mtqRV
Behavioral task
behavioral1
Sample
linux_386.elf
Resource
ubuntu2204-amd64-20250410-en
Malware Config
Extracted
kaiji
aresapp.456789456.xyz:52462
Targets
-
-
Target
linux_386.elf
-
Size
5.0MB
-
MD5
dedd6442d9c7c2ff4c3d991b9893ac54
-
SHA1
150d7e82cc22fe592af3cea71bea1e16d0d1b463
-
SHA256
825388375483b83122494a60fa31f54273561d0ea617b370519b77996ca4b520
-
SHA512
9a2d690ccb0fda8151e0ef9476d4aae165a3d9b8fd16456a62900e1794a0532fa8a6b904e80adff45f09361e29aabb1be191fc30859dc8a34438c6b39daf74ff
-
SSDEEP
49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNap9hW16klbU6V:E33GlbU8FwmzzRDZ9mtqRV
-
Kaiji
Kaiji payload
-
Kaiji family
-
kaiji_chaosbot
Chaos-variant payload
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
3XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1