General

  • Target

    linux_386.elf

  • Size

    5.0MB

  • Sample

    250412-w6rebszjy8

  • MD5

    dedd6442d9c7c2ff4c3d991b9893ac54

  • SHA1

    150d7e82cc22fe592af3cea71bea1e16d0d1b463

  • SHA256

    825388375483b83122494a60fa31f54273561d0ea617b370519b77996ca4b520

  • SHA512

    9a2d690ccb0fda8151e0ef9476d4aae165a3d9b8fd16456a62900e1794a0532fa8a6b904e80adff45f09361e29aabb1be191fc30859dc8a34438c6b39daf74ff

  • SSDEEP

    49152:E33d0lGt6UHcFL7Rn2o03wiEhiDmzzd/9sARlBs/00Cpfx9a9uNap9hW16klbU6V:E33GlbU8FwmzzRDZ9mtqRV

Malware Config

Extracted

Family

kaiji

C2

aresapp.456789456.xyz:52462

Targets

    • Target

      linux_386.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16

Tasks