General
-
Target
sora.x86.elf
-
Size
19KB
-
Sample
230429-hn7rpscb3x
-
MD5
4b0942051b4eb8ee7d77a5163522e09e
-
SHA1
05efe74592c1bdd0c0658e1c0baef202a6f66109
-
SHA256
8d462b69e08f37e62ee01dd4a430c384605d8458ba43964c06c53c80571befca
-
SHA512
26b2ce91c308ff10f112ce36ebd1d96d9475029895b042bb2ce662f108992e0a4e032f2974bc55da5ed8574665b48c013d30686eefcf5ee6a3f96d4a6061e47a
-
SSDEEP
384:MDpyCgb3mHmgy8G6x2QDXVihMAfuBpOGXKuAWIB3VACFOgnIv1RR:Q4EyRCCMAccuePAUeR
Malware Config
Extracted
mirai
SORA
Targets
-
-
Target
sora.x86.elf
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.
-
Reads system network configuration
Uses the contents of the /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from the /proc virtual filesystem.
-