mirai | 8d462b69e08f37e62ee01dd4a430c384605d8458ba43964c06c53c80571befca | Triage

Submit
Reports

Overview

overview

Static

static

7

sora.x86.elf

ubuntu-18.04-amd64

Sharing

General

Target

sora.x86.elf
Size

19KB
Sample

230429-hn7rpscb3x
MD5

4b0942051b4eb8ee7d77a5163522e09e
SHA1

05efe74592c1bdd0c0658e1c0baef202a6f66109
SHA256

8d462b69e08f37e62ee01dd4a430c384605d8458ba43964c06c53c80571befca
SHA512

26b2ce91c308ff10f112ce36ebd1d96d9475029895b042bb2ce662f108992e0a4e032f2974bc55da5ed8574665b48c013d30686eefcf5ee6a3f96d4a6061e47a
SSDEEP

384:MDpyCgb3mHmgy8G6x2QDXVihMAfuBpOGXKuAWIB3VACFOgnIv1RR:Q4EyRCCMAccuePAUeR

Score

10^/10

mirai sora botnet linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.x86.elf

Resource

ubuntu1804-amd64-en-20211208

mirai sora botnet

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.x86.elf
- Size
  
  19KB
- MD5
  
  4b0942051b4eb8ee7d77a5163522e09e
- SHA1
  
  05efe74592c1bdd0c0658e1c0baef202a6f66109
- SHA256
  
  8d462b69e08f37e62ee01dd4a430c384605d8458ba43964c06c53c80571befca
- SHA512
  
  26b2ce91c308ff10f112ce36ebd1d96d9475029895b042bb2ce662f108992e0a4e032f2974bc55da5ed8574665b48c013d30686eefcf5ee6a3f96d4a6061e47a
- SSDEEP
  
  384:MDpyCgb3mHmgy8G6x2QDXVihMAfuBpOGXKuAWIB3VACFOgnIv1RR:Q4EyRCCMAccuePAUeR
Score

10^/10

mirai sora botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraisorabotnet

© 2018-2024

Terms | Privacy