General

  • Target

    linux_arm5.elf

  • Size

    5.1MB

  • Sample

    250412-w7e3pazvgv

  • MD5

    215841c0dccf1f3f5d7d186160e6fa9d

  • SHA1

    b8b44ad02b85c6716cdd04e1cf918f824aa3ba2b

  • SHA256

    09982fbb135517c8ed2558d41c3f43ffdc4bfdaeff4474b96928b5e83e051745

  • SHA512

    dec10197abee7d71937e2daec029cacc77d75e7f05765c6100232604f93999c4c85c5c80f573588de8273f5c8ec5a6c460f8c116fdeb6a29591873ff907ec7c7

  • SSDEEP

    49152:QtKY0CdO+kBRx0Tg0qTecEG7meYuhq+lYfQMcU1F1:OKY3U+qRxQ3qKuM

Malware Config

Extracted

  • Family

    kaiji

  • C2

    aresapp.456789456.xyz:52462

Targets

    • Target

      linux_arm5.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script
