606391046b0214181557b134a557519eefb897052d19f4035ab0c032eaad59a0

Analysis

max time kernel
14162s
max time network
159s
platform
linux_armhf
resource
debian9-armhf-en-20211208
submitted
21-05-2022 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sora.arm7-20220521-1450
Size

54KB
MD5

75df391413d0b7402e62f2de2f680ac6
SHA1

7b1043277c17f98d886f4c8177a5b619d280672e
SHA256

606391046b0214181557b134a557519eefb897052d19f4035ab0c032eaad59a0
SHA512

ae2aed3f5d581178f5a537e94cb19f15b9bb1e00a3c6c08534be4e0065694be75cb4ac04acd0758c6df70e4d7f02894cf55f348cd8778da3c45247e31c9eb88d

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (19710) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery
T1049

Processes:

description ioc

/proc/net/tcp /proc/net/tcp
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

description ioc

/proc/net/tcp /proc/net/tcp

description	ioc
/proc/net/tcp	/proc/net/tcp

description	ioc
/proc/net/tcp	/proc/net/tcp

Reads runtime system information 25 IoCs

Reads data from /proc virtual filesystem.

Processes:

sora.arm7-20220521-1450

description	ioc
/proc/347/fd	/proc/347/fd
/proc/352/fd	/proc/352/fd
/proc/354/fd	/proc/354/fd
/proc/356/fd	/proc/356/fd
/proc/164/fd	/proc/164/fd
/proc/230/fd	/proc/230/fd
/proc/301/fd	/proc/301/fd
/proc/304/fd	/proc/304/fd
/proc/233/fd	/proc/233/fd
/proc/306/fd	/proc/306/fd
/proc/349/fd	/proc/349/fd
/proc/351/fd	/proc/351/fd
/proc/	/proc/
/proc/131/fd	/proc/131/fd
/proc/225/fd	/proc/225/fd
/proc/228/fd	/proc/228/fd
/proc/276/fd	/proc/276/fd
/proc/285/fd	/proc/285/fd
/proc/355/fd	/proc/355/fd
/proc/275/fd	/proc/275/fd
/proc/307/fd	/proc/307/fd
/proc/self/exe	/proc/self/exe	sora.arm7-20220521-1450
/proc/1/fd	/proc/1/fd
/proc/207/fd	/proc/207/fd
/proc/271/fd	/proc/271/fd

./sora.arm7-20220521-1450
./sora.arm7-20220521-1450
1⤵
- Reads runtime system information
PID:345

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Scanning

T1046

System Network Connections Discovery

T1049

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads