General

  • Target

    linux_arm7.elf

  • Size

    2.0MB

  • Sample

    250416-w94ttstyg1

  • MD5

    9c069085ca52a2acca2bf52f1171a7da

  • SHA1

    5c6a4714a083dcb6a44adb2043705d65a4ec61ad

  • SHA256

    1934d283e13ddcbe0c1c85e4d41d7c27a1261b0f0d9302451b042952e2708a3e

  • SHA512

    07a87d09d1711c23b95a904d47aa003dfca41fde7af2b3e220bf1dc8f4a4ae4c4ddb2394150652ac50afde4810250418172fdeb7859a664751be5e80354e5034

  • SSDEEP

    24576:sG/LbVzKHSGLGrs4ICJHfRFMX/vwshhILrZaq7xNpvpPEE93xH/aqVhqHviGC2+q:dj3/aGL2T1

Malware Config

Extracted

Family

kaiji

C2

154.40.47.248:888

Targets

    • Target

      linux_arm7.elf

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16