mirai | 2951743fea77b8e4b1aec6dc3023527770ac48b45216a28da6050eede7384569 | Triage

Submit
Reports

Overview

overview

Static

static

7

sora.mpsl.elf

debian-9-mipsel

Sharing

General

Target

sora.mpsl.elf
Size

29KB
Sample

230429-2zh29sed5v
MD5

7d2c545b480349c5548c5b8b21120cca
SHA1

76e622e763a7ca69c1d071c49878feaa5f0b44b4
SHA256

2951743fea77b8e4b1aec6dc3023527770ac48b45216a28da6050eede7384569
SHA512

c3f3d0bb199d403460231d2722296ad7f9749626002662383e509cfc5b48f9b2366f89d14ed789bba075ca283b39dd1a21a60fe9050f6a5cca4122341f4700fe
SSDEEP

768:k1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNZvJbUWUu:kbDs06t4BEub4sU/MbUZvYu

Score

10^/10

mirai sora botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.mpsl.elf

Resource

debian9-mipsel-en-20211208

mirai sora botnet discovery

debian-9-mipsel

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.mpsl.elf
- Size
  
  29KB
- MD5
  
  7d2c545b480349c5548c5b8b21120cca
- SHA1
  
  76e622e763a7ca69c1d071c49878feaa5f0b44b4
- SHA256
  
  2951743fea77b8e4b1aec6dc3023527770ac48b45216a28da6050eede7384569
- SHA512
  
  c3f3d0bb199d403460231d2722296ad7f9749626002662383e509cfc5b48f9b2366f89d14ed789bba075ca283b39dd1a21a60fe9050f6a5cca4122341f4700fe
- SSDEEP
  
  768:k1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNZvJbUWUu:kbDs06t4BEub4sU/MbUZvYu
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (49700) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraisorabotnetdiscovery

© 2018-2024

Terms | Privacy