General
-
Target
sora.x86.elf
-
Size
24KB
-
Sample
230429-3vl4ssee5x
-
MD5
edf426722e9cf1d9b5102115d2aab441
-
SHA1
34db128b5efb586b4c19c5c009f54f9796c9a949
-
SHA256
345251267d03985a91e62e48fdb2364d6c00b83ef813311fefd1201a059d4367
-
SHA512
b51867f3b1108ce71c65756442d70f5aac6f8c53fd7eab72b36bc904173234251d4c26d37a89c1a10f6c322a34019eaf05246017a48fdc4e7ff4659bb0b1a3fd
-
SSDEEP
384:MCDKKQOcRpmYLdn6RBOFRFt5rUF81uiSSlCo3AnupVFNqnrrd1NEZgO8UXWozPLS:P/QOC0Yhn6ROHWF09cwNPFCnNBxceocR
Malware Config
Extracted
mirai
SORA
Targets
-
Contacts a large (173361) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-