Analysis

max time kernel: 3650s
max time network: 160s
platform: linux_armhf
resource: debian9-armhf-en-20211025
submitted: 06-12-2021 20:00

Static task: static1
Behavioral task: behavioral1
Sample: sora.arm7
Resource: debian9-armhf-en-20211025
Platform: linux_armhf
0 signatures, 0 seconds
General

Target: sora.arm7
Size: 125KB
MD5: 615efd8ebfe11f962016505691fa532f
SHA1: f598b05398e90890a67341ef02b804042505c13b
SHA256: 53fd73f8df2d6d452f79544e0e77b657c8a5986f3492cbfdec58d6a4e2f47185
SHA512: d826eae3dbf983a0b3cff6681f0d51b5e2e43d87855b9e0d9218c607d88c1c5759fad798fb4ca5c5d85610ddb5d660767ae4c2a0759cb03d1b69b5057159af85
Score: 9/10
Malware Config

Signatures

Modifies the Watchdog daemon (1 TTP)
Malware such as Mirai disables the hardware watchdog so that the device is not rebooted, which would clear the memory-resident bot, if the infection hangs the system.
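The report names the behaviour but not what it looks like in a syscall trace. The Python below is an added example, not code from the report or from the sample: it decodes raw ioctl request numbers into the generic Linux field layout (the encoding armhf uses) and flags a process that opens a watchdog device node and then issues WDIOC_SETOPTIONS with WDIOS_DISABLECARD, the call the published Mirai source makes on /dev/watchdog or /dev/misc/watchdog. The event list and the pids in it are constructed for illustration.

```python
"""Decode Linux ioctl numbers and flag the watchdog-disable pattern.

Added example, not part of the sandbox report. Constants follow the generic
Linux ioctl encoding (asm-generic/ioctl.h) and linux/watchdog.h. The event
list below is constructed and is not a trace of this sample.
"""

# Generic ioctl encoding: 2 bits direction | 14 bits size | 8 bits type | 8 bits nr.
_IOC_NONE, _IOC_WRITE, _IOC_READ = 0, 1, 2


def _ioc(direction, typ, nr, size):
    return (direction << 30) | (size << 16) | (ord(typ) << 8) | nr


# Watchdog ioctls from linux/watchdog.h (both are _IOR('W', n, int)).
WDIOC_SETOPTIONS = _ioc(_IOC_READ, "W", 4, 4)   # 0x80045704
WDIOC_KEEPALIVE = _ioc(_IOC_READ, "W", 5, 4)    # 0x80045705
WDIOS_DISABLECARD = 0x0001
WDIOS_ENABLECARD = 0x0002

WATCHDOG_NODES = {"/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog"}


def decode_ioctl(request):
    """Split a raw ioctl request number into its dir/type/nr/size fields."""
    return {
        "dir": (request >> 30) & 0x3,
        "type": chr((request >> 8) & 0xFF),
        "nr": request & 0xFF,
        "size": (request >> 16) & 0x3FFF,
    }


def find_watchdog_disable(events):
    """Return (pid, path) for every process that opened a watchdog node and
    then sent WDIOC_SETOPTIONS with the WDIOS_DISABLECARD bit on that fd.

    events: dicts with keys pid, syscall and per-syscall fields:
      open  -> path, ret (the fd, or -1)
      ioctl -> fd, request, arg (the int the pointer argument refers to)
      close -> fd
    """
    wd_fds = {}   # (pid, fd) -> device path while the fd is open
    flagged = []
    for ev in events:
        pid, call = ev["pid"], ev["syscall"]
        if call == "open":
            if ev["path"] in WATCHDOG_NODES and ev["ret"] >= 0:
                wd_fds[(pid, ev["ret"])] = ev["path"]
        elif call == "ioctl":
            key = (pid, ev["fd"])
            if key in wd_fds and ev["request"] == WDIOC_SETOPTIONS \
                    and ev["arg"] & WDIOS_DISABLECARD:
                flagged.append((pid, wd_fds[key]))
        elif call == "close":
            wd_fds.pop((pid, ev["fd"]), None)
    return flagged


# Constructed trace: pid 1001 disables the watchdog the Mirai way, pid 1002 only
# feeds it (a legitimate keepalive). Pids are arbitrary, not from this report.
SAMPLE_EVENTS = [
    {"pid": 1001, "syscall": "open", "path": "/dev/watchdog", "ret": 3},
    {"pid": 1001, "syscall": "ioctl", "fd": 3, "request": 0x80045704, "arg": 1},
    {"pid": 1001, "syscall": "close", "fd": 3},
    {"pid": 1002, "syscall": "open", "path": "/dev/watchdog", "ret": 4},
    {"pid": 1002, "syscall": "ioctl", "fd": 4, "request": 0x80045705, "arg": 0},
]

if __name__ == "__main__":
    print(decode_ioctl(0x80045704))
    print(find_watchdog_disable(SAMPLE_EVENTS))
```

The fd tracking matters: the same fd number is reused after close, so an ioctl is only attributed to the watchdog if it arrives while that (pid, fd) pair still points at a watchdog node.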
Enumerates active TCP sockets (1 TTP, 1 IoC)
Reads the active TCP socket table from the /proc virtual filesystem (typically /proc/net/tcp).

Reads system network configuration (1 TTP, 1 IoC)
Uses the contents of the /proc filesystem to enumerate network settings.

Reads runtime system information (27 IoCs)
Reads data from the /proc virtual filesystem.
Processes (IoC paths, each listed once):
/proc/359/fd
/proc/356/exe
/proc/
/proc/237/fd
/proc/308/fd
/proc/358/fd
/proc/311/fd
/proc/139/fd
/proc/282/fd
/proc/361/fd
/proc/356/fd
/proc/368/fd
/proc/375{1,1T
/proc/359/exe
/proc/216/fd
/proc/234/fd
/proc/235/fd
/proc/238/fd
/proc/280/fd
/proc/314/fd
/proc/362/fd
/proc/367/fd
/proc/164/fd
/proc/1/fd
/proc/284/fd
/proc/289/fd
/proc/313/fd
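The three /proc signatures above describe one mechanism: a Mirai-style killer reads /proc/net/tcp to find listening sockets on ports such as 23, 22 and 80, then walks /proc/&lt;pid&gt;/fd to learn which process owns each socket inode so it can kill it. The Python below is an added example, not code from the report or the sample: it parses the /proc/net/tcp format (hex addresses, IPv4 in host byte order, which is little-endian on armhf) and resolves socket inodes to pids through /proc/&lt;pid&gt;/fd link targets. The socket table and link targets are constructed sample data and the pids in them are arbitrary.

```python
"""Parse /proc/net/tcp and map listening sockets to owning pids via /proc/<pid>/fd.

Added example, not part of the sandbox report or the sample. SAMPLE_PROC_NET_TCP
and SAMPLE_FD_LINKS are constructed to illustrate the formats.
"""
import socket
import struct
from collections import namedtuple

TcpSocket = namedtuple(
    "TcpSocket", "local_ip local_port remote_ip remote_port state uid inode")

# Subset of net/tcp_states.h; unknown states are kept as their hex string.
TCP_STATES = {0x01: "ESTABLISHED", 0x0A: "LISTEN"}


def _addr(field):
    """'0100007F:0017' -> ('127.0.0.1', 23). IPv4 is stored in host byte order."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp, skipping the header line.

    Whitespace-split columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ...
    """
    sockets = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = _addr(f[1])
        rip, rport = _addr(f[2])
        state = TCP_STATES.get(int(f[3], 16), f[3])
        sockets.append(TcpSocket(lip, lport, rip, rport, state, int(f[7]), int(f[9])))
    return sockets


def socket_owners(fd_links):
    """Invert {pid: {fd: readlink target}} into {socket inode: pid}.

    Socket fds in /proc/<pid>/fd read back as 'socket:[<inode>]'.
    """
    owners = {}
    for pid, fds in fd_links.items():
        for target in fds.values():
            if target.startswith("socket:[") and target.endswith("]"):
                owners[int(target[len("socket:["):-1])] = pid
    return owners


def listeners_on_ports(proc_net_tcp, fd_links, ports):
    """Return sorted [(port, pid)] for LISTEN sockets on the given ports.

    This is the lookup a Mirai-style killer performs before kill(); the pid is
    None when no scanned process holds the socket.
    """
    owners = socket_owners(fd_links)
    hits = []
    for s in parse_proc_net_tcp(proc_net_tcp):
        if s.state == "LISTEN" and s.local_port in ports:
            hits.append((s.local_port, owners.get(s.inode)))
    return sorted(hits)


# Constructed /proc/net/tcp: listeners on 23, 22 and 80 plus one established
# outbound telnet connection from 10.0.2.15 to 192.168.0.1.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 00000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 00000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003 1 00000000 100 0 0 10 0
   3: 0F02000A:D4A2 0100A8C0:0017 01 00000000:00000000 00:00000000 00000000     0        0 11004 1 00000000 20 4 30 10 -1
"""

# Constructed readlink results for /proc/<pid>/fd/<n>; pids are arbitrary.
SAMPLE_FD_LINKS = {
    1: {"0": "/dev/null", "3": "socket:[11001]"},
    210: {"3": "socket:[11002]"},
    300: {"3": "socket:[11003]", "5": "socket:[11004]"},
}

if __name__ == "__main__":
    for s in parse_proc_net_tcp(SAMPLE_PROC_NET_TCP):
        print(s)
    print(listeners_on_ports(SAMPLE_PROC_NET_TCP, SAMPLE_FD_LINKS, {22, 23, 80}))
```

On a live host the two inputs are `open("/proc/net/tcp").read()` and, for each pid directory under /proc, `os.readlink` over the entries of /proc/&lt;pid&gt;/fd; IPv6 listeners live in /proc/net/tcp6 with 32-hex-digit addresses and are not handled here.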