General

  • Target

    sora.arm7-20220521-1450

  • Size

    54KB

  • Sample

    220521-r75k5adacq

  • MD5

    75df391413d0b7402e62f2de2f680ac6

  • SHA1

    7b1043277c17f98d886f4c8177a5b619d280672e

  • SHA256

    606391046b0214181557b134a557519eefb897052d19f4035ab0c032eaad59a0

  • SHA512

    ae2aed3f5d581178f5a537e94cb19f15b9bb1e00a3c6c08534be4e0065694be75cb4ac04acd0758c6df70e4d7f02894cf55f348cd8778da3c45247e31c9eb88d

Score
9/10

Malware Config

Targets

    • Contacts a large number (19710) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Impair Defenses (T1562): 1

  • Discovery

    Network Service Scanning (T1046): 2

    System Network Connections Discovery (T1049): 1

    System Network Configuration Discovery (T1016): 1

Tasks