General
Target: sora.arm7
Size: 47KB
Sample: 230429-3xm4waee51
MD5: 80bd2ed349fc6fa3b581424c979caf7a
SHA1: df90cd005b39db3d29f0fa311adca4f132539e38
SHA256: 0a8a5595f9f68dea7690d45ce0ce7029153ff4ba47d3a96b7e93da4dc7a23ca8
SHA512: ecbd3ed1828bde5c0b8b0a4fc30327a9deb46a8dab96f79fd4fd5d4a61e6245380d1102b57fa7ebf0a633161df5be217647edbdb8da7ac2f103dc5feb193f607
SSDEEP: 768:aK7y1XGO1LCNgukEkvwtqPnH7u83nc0iF/C9q3UELWt/iw+kvBGg6+fYtrBH/:E12O1LCNguovDPH7Tcr53LWhiw+kvBGJ
Malware Config
Extracted
mirai
SORA
Targets
-
Contacts a large (132160) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.