General

  • Target

    linux_arm7.elf

  • Size

    5.1MB

  • Sample

    250412-w6rp4azjy9

  • MD5

    7e4d6ab20e0856e2695de54665833cec

  • SHA1

    f6d6593a1b716780ea723e8d4ad122eae1dc16c5

  • SHA256

    e03b170edb8f75e7585174957903b85f0758a56063da7750e3b5de54fb186600

  • SHA512

    35d635d663960accf7b66717d73c6536cfe0be2b7a0dcf3246cb1f0099b9881c8aa5aab2f6d5b66367b56e8a249258c45c12696db44b02cf4817f0055156363d

  • SSDEEP

    49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVlrzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXq3

Malware Config

Extracted

Family

kaiji

C2

aresapp.456789456.xyz:52462

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16

Tasks