General

  • Target

    1694c7f4a11105a25c4ab1b2a08012b2.bin

  • Size

    2.1MB

  • Sample

    250414-bc6a6swmt3

  • MD5

    8f09ed2d955a4d76210e9cf829cb645a

  • SHA1

    a250a33538b8fb40f3497160b1ba2cc411b051c3

  • SHA256

    97e7816626eae352f60cb27e600e1a2de19eafeb8c05277f2fbb61039f3f5854

  • SHA512

    fbc54d9752775bf3ce0dd462d3263a187aa78c5dbc5b695330acf4eb03ca40fe996d45712adf3d9dbd3ee8177331e678a25b14e67c4d5c74ebc9656afdd561b6

  • SSDEEP

    49152:L1YtHdd9GQACrw+Xn5pO5rfC+kHQSPKtrsyv/slsh5C:Le9dc7CrHX5pofC+zWKtrsyXRh5C

Malware Config

Extracted

  • Family

    kaiji

  • C2

    aresapp.456789456.xyz:52462

Targets

    • Target

      b5fb1596b0b306ae93ecb350a0f27bbf6d5e53798779beeb4c11728237c422bb.elf

    • Size

      5.1MB

    • MD5

      1694c7f4a11105a25c4ab1b2a08012b2

    • SHA1

      bae22f26fd7ad1bc749ebbe46c33b34c3ad483f2

    • SHA256

      b5fb1596b0b306ae93ecb350a0f27bbf6d5e53798779beeb4c11728237c422bb

    • SHA512

      716eb69b24a5fc8759d080f024ddff6ef804421140a9a5131b191726eab35e416ae64d25a002a36ec2877fe1e265ac99bb66683206907aac9eb1b18b0f6ffbfd

    • SSDEEP

      98304:8cSBHdgN2a7JP97kJru8cYWPAXqVu+60:8cS03tu+6

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai disables the hardware watchdog so that the kernel does not reboot a system the malware has made unresponsive, which would otherwise clear the infection from memory.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Environment variables set in shell startup files take effect in every new session, so modifying them is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script
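As an added example (not part of the sandbox report or of the Kaiji code), the following Python script turns the indicators above into host checks: it hashes files in the bin directories against the report's SHA256 values, searches the cron, init.d and bash startup locations behind the persistence signatures for entries that reference a flagged file or the C2 host, and lists processes holding /dev/watchdog open. The persistence and bin paths are assumed defaults, and the directory layout, file name (linux_arm), contents and /proc entry in the demo are constructed; the real sample is not included, so the demo registers the hash of its own fake file alongside the report's values.

```python
"""Host triage for the Kaiji indicators in this report (added example, not
part of the sandbox output). Paths are taken relative to a scan root so the
functions can be pointed at a mounted disk image or at a constructed tree."""
import hashlib
import os
import tempfile
from pathlib import Path

# File and network IOCs copied from the report above.
IOC_SHA256 = {
    "97e7816626eae352f60cb27e600e1a2de19eafeb8c05277f2fbb61039f3f5854": "submitted .bin sample",
    "b5fb1596b0b306ae93ecb350a0f27bbf6d5e53798779beeb4c11728237c422bb": "Kaiji ELF payload",
}
C2_HOST = "aresapp.456789456.xyz"

# Locations behind the report's persistence signatures (cron job, init.d,
# bash startup script, user bin folder). Assumed defaults, relative to the root.
PERSISTENCE_PATHS = ["etc/crontab", "etc/cron.d", "var/spool/cron", "etc/init.d",
                     "etc/profile", "etc/bash.bashrc", "root/.bashrc", "root/.profile", "home"]
BIN_DIRS = ["bin", "usr/bin", "usr/local/bin"]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_files(base):
    """Yield regular files under base (a file or directory that may not exist)."""
    if base.is_file():
        yield base
    elif base.is_dir():
        yield from (p for p in base.rglob("*") if p.is_file() and not p.is_symlink())


def scan_hashes(root, iocs):
    """(relative path, label) for files in the bin dirs whose SHA256 is an IOC."""
    hits = []
    for d in BIN_DIRS:
        for p in iter_files(root / d):
            label = iocs.get(sha256_of(p))
            if label:
                hits.append((str(p.relative_to(root)), label))
    return hits


def scan_persistence(root, suspect_names):
    """(relative path, line) for persistence entries that name the C2 host or
    a file already flagged by scan_hashes; benign lines around them are skipped."""
    needles = {C2_HOST, *suspect_names}
    hits = []
    for rel in PERSISTENCE_PATHS:
        for p in iter_files(root / rel):
            for line in p.read_text(errors="replace").splitlines():
                if any(n in line for n in needles):
                    hits.append((str(p.relative_to(root)), line.strip()))
    return hits


def watchdog_holders(proc):
    """PIDs with a file descriptor open on /dev/watchdog. On a live host, a
    process other than the system's watchdog daemon holding the device is
    worth a look given the 'Modifies Watchdog functionality' signature."""
    pids = []
    for pid_dir in proc.iterdir():
        if not pid_dir.name.isdigit():
            continue
        for fd in (pid_dir / "fd").glob("*"):
            try:
                target = os.readlink(fd)
            except OSError:
                continue
            if target.startswith("/dev/watchdog"):
                pids.append(int(pid_dir.name))
                break
    return sorted(pids)


def build_sample_tree():
    """Constructed infected-host layout for the demo (not real sample data)."""
    root = Path(tempfile.mkdtemp(prefix="kaiji-triage-"))
    dropped = root / "usr/bin/linux_arm"  # constructed name for the dropped ELF
    dropped.parent.mkdir(parents=True)
    dropped.write_bytes(b"\x7fELF constructed fake payload, not the real sample\n")
    (root / "etc/cron.d").mkdir(parents=True)
    (root / "etc/cron.d/linux").write_text("* * * * * root /usr/bin/linux_arm >/dev/null 2>&1\n")
    (root / "etc/init.d").mkdir(parents=True)
    (root / "etc/init.d/linux").write_text("#!/bin/sh\n/usr/bin/linux_arm aresapp.456789456.xyz:52462 &\n")
    (root / "root").mkdir()
    (root / "root/.bashrc").write_text("export PATH=$PATH:/usr/local/sbin\n/usr/bin/linux_arm &\n")
    (root / "etc/crontab").write_text("SHELL=/bin/sh\n17 * * * * root run-parts /etc/cron.hourly\n")
    (root / "proc/4242/fd").mkdir(parents=True)
    os.symlink("/dev/watchdog", root / "proc/4242/fd/3")  # fake holder of the device
    (root / "proc/1/fd").mkdir(parents=True)
    os.symlink("/dev/null", root / "proc/1/fd/0")
    return root, dropped


def triage(root, iocs):
    hash_hits = scan_hashes(root, iocs)
    names = {Path(rel).name for rel, _ in hash_hits}
    return {"hash_hits": hash_hits,
            "persistence_hits": scan_persistence(root, names),
            "watchdog_pids": watchdog_holders(root / "proc")}


def demo():
    root, dropped = build_sample_tree()
    # The constructed file cannot match the report's real hashes, so its own
    # SHA256 is registered as an extra IOC for the demo only.
    iocs = dict(IOC_SHA256, **{sha256_of(dropped): "constructed demo payload"})
    return triage(root, iocs)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run against a real host or mounted image, replace `build_sample_tree()` with the image's mount point and drop the demo IOC; the persistence scan deliberately reports only lines that tie back to a flagged file or the C2 host, so the benign cron entries a distro ships are not listed.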

MITRE ATT&CK Enterprise v16

Tasks