General
Target: sora.mpsl.elf
Size: 29KB
Sample: 230429-2zh29sed5v
MD5: 7d2c545b480349c5548c5b8b21120cca
SHA1: 76e622e763a7ca69c1d071c49878feaa5f0b44b4
SHA256: 2951743fea77b8e4b1aec6dc3023527770ac48b45216a28da6050eede7384569
SHA512: c3f3d0bb199d403460231d2722296ad7f9749626002662383e509cfc5b48f9b2366f89d14ed789bba075ca283b39dd1a21a60fe9050f6a5cca4122341f4700fe
SSDEEP: 768:k1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNZvJbUWUu:kbDs06t4BEub4sU/MbUZvYu
Malware Config
Extracted
mirai
SORA
Targets
-
Contacts a large number (49700) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Reads runtime system information
Reads data from /proc virtual filesystem.