General
Target: sora.arm7-20220521-1450
Size: 54KB
Sample: 220521-r75k5adacq
MD5: 75df391413d0b7402e62f2de2f680ac6
SHA1: 7b1043277c17f98d886f4c8177a5b619d280672e
SHA256: 606391046b0214181557b134a557519eefb897052d19f4035ab0c032eaad59a0
SHA512: ae2aed3f5d581178f5a537e94cb19f15b9bb1e00a3c6c08534be4e0065694be75cb4ac04acd0758c6df70e4d7f02894cf55f348cd8778da3c45247e31c9eb88d
Static task: static1
Behavioral task: behavioral1
Sample: sora.arm7-20220521-1450
Resource: debian9-armhf-en-20211208
Malware Config
Targets
Target: sora.arm7-20220521-1450
Score: 9/10
Contacts a large (19710) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.