mirai | 0a8a5595f9f68dea7690d45ce0ce7029153ff4ba47d3a96b7e93da4dc7a23ca8 | Triage

Submit
Reports

Overview

overview

Static

static

7

sora.arm7

debian-9-armhf

Sharing

General

Target

sora.arm7
Size

47KB
Sample

230429-3xm4waee51
MD5

80bd2ed349fc6fa3b581424c979caf7a
SHA1

df90cd005b39db3d29f0fa311adca4f132539e38
SHA256

0a8a5595f9f68dea7690d45ce0ce7029153ff4ba47d3a96b7e93da4dc7a23ca8
SHA512

ecbd3ed1828bde5c0b8b0a4fc30327a9deb46a8dab96f79fd4fd5d4a61e6245380d1102b57fa7ebf0a633161df5be217647edbdb8da7ac2f103dc5feb193f607
SSDEEP

768:aK7y1XGO1LCNgukEkvwtqPnH7u83nc0iF/C9q3UELWt/iw+kvBGg6+fYtrBH/:E12O1LCNguovDPH7Tcr53LWhiw+kvBGJ

Score

10^/10

mirai sora botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.arm7

Resource

debian9-armhf-en-20211208

mirai sora botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.arm7
- Size
  
  47KB
- MD5
  
  80bd2ed349fc6fa3b581424c979caf7a
- SHA1
  
  df90cd005b39db3d29f0fa311adca4f132539e38
- SHA256
  
  0a8a5595f9f68dea7690d45ce0ce7029153ff4ba47d3a96b7e93da4dc7a23ca8
- SHA512
  
  ecbd3ed1828bde5c0b8b0a4fc30327a9deb46a8dab96f79fd4fd5d4a61e6245380d1102b57fa7ebf0a633161df5be217647edbdb8da7ac2f103dc5feb193f607
- SSDEEP
  
  768:aK7y1XGO1LCNgukEkvwtqPnH7u83nc0iF/C9q3UELWt/iw+kvBGg6+fYtrBH/:E12O1LCNguovDPH7Tcr53LWhiw+kvBGJ
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (132160) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdiscovery

© 2018-2024

Terms | Privacy