General

  • Target: linux_386.elf
  • Size: 5.0MB
  • Sample: 250419-xnq7aas1gt
  • MD5: d21d21cb8de14e90f180b9c1f79276b3
  • SHA1: b83ccf62b44343b28181924e5047fb034421e124
  • SHA256: 71ccac9d63fd1c2799963f5e5d87ee62f0c306741ae796dc4ea3777bdb0e8f09
  • SHA512: 5ba5ea34dbe8d8bf62a64640e86c449aa07153c5c4aac88a01db879829feb28f312cb5ad2869d3a0e3679c8159ebddbe7c863b439e4593a13960a1dcfcc00b3c
  • SSDEEP: 49152:uwybthh2kkjvF77Rn2o03wiEh4hgzRqtN9Tu+H+XfylvVt96CuajJpmhW16kDvrf:uwyRh7kzFkgzausxdaHY4A

Malware Config

Extracted

  • Family: kaiji
  • C2: 2.59.151.111:8080

Targets

    • Kaiji

      Kaiji payload

    • Kaiji family

    • kaiji_chaosbot

      Chaos-variant payload

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds or modifies a system service, likely for persistence.

    • Writes file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v16

Tasks