General
Target: sora.arm7.elf
Size: 50KB
Sample: 230429-xnpnfsbg47
MD5: f2e5e013f88099c9762b7ae92e7f2261
SHA1: 95763e4a1bcf6516b453bdf252c8ca6bd3da1376
SHA256: 4a81ce0f9509209d165ced40e60e7d0a660ec802675cfff1906b375cd2119bbc
SHA512: d7d7562cda0fdd47c0c4de6d456c11e086c030206f0beb6d7b45a30dc2c8f0319f549b5630f1a72cacdb3abc695eb971820b6bd64ea384c909845c66bb0a780a
SSDEEP: 1536:3CoqsGR4eB3g0Vmh1IxIpC8JzL9VE8amFZP7R3X:Soqs2Twh6P8JzLJ9ZP7R3X
Malware Config
Extracted
mirai
SORA
Targets

Contacts a large number (132278) of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Changes its process name

Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.

Reads system network configuration
Uses the contents of the /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from the /proc virtual filesystem.