General

  • Target

    linux_386.elf

  • Size

    1.8MB

  • Sample

    250416-w94ttstyht

  • MD5

    259800bf6d1eb21a74ff1737f9826a0a

  • SHA1

    1a13ffb1f327ae411689568840b0e812b7d40a59

  • SHA256

    5aa6cc2b09d7fa0d3c5b6826f872826f5d3afb9af18c001ea3f4f1a1ccb188f7

  • SHA512

    d3b013396695920dde44c4bc8af2b91e9e4142592151056e27946af54096056f2a70d528c4fd9abb27042d6a5ed2839648fbe3054b3e8a218bf29586237c1beb

  • SSDEEP

    24576:Inoxw1zy7RvFMNRlnmxlJgAaI0ODBBri8wnJPVwchQItBPUgpxv2SzVVOMaWz1v:s/MBFBuEItpRpsSIWz1

Malware Config

Extracted

Family

kaiji

C2

154.40.47.248:809

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16

Tasks