mirai | 4a81ce0f9509209d165ced40e60e7d0a660ec802675cfff1906b375cd2119bbc | Triage

Submit
Reports

Overview

overview

Static

static

7

sora.arm7.elf

debian-9-armhf

Sharing

General

Target

sora.arm7.elf
Size

50KB
Sample

230429-xnpnfsbg47
MD5

f2e5e013f88099c9762b7ae92e7f2261
SHA1

95763e4a1bcf6516b453bdf252c8ca6bd3da1376
SHA256

4a81ce0f9509209d165ced40e60e7d0a660ec802675cfff1906b375cd2119bbc
SHA512

d7d7562cda0fdd47c0c4de6d456c11e086c030206f0beb6d7b45a30dc2c8f0319f549b5630f1a72cacdb3abc695eb971820b6bd64ea384c909845c66bb0a780a
SSDEEP

1536:3CoqsGR4eB3g0Vmh1IxIpC8JzL9VE8amFZP7R3X:Soqs2Twh6P8JzLJ9ZP7R3X

Score

10^/10

mirai sora botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.arm7.elf

Resource

debian9-armhf-en-20211208

mirai sora botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.arm7.elf
- Size
  
  50KB
- MD5
  
  f2e5e013f88099c9762b7ae92e7f2261
- SHA1
  
  95763e4a1bcf6516b453bdf252c8ca6bd3da1376
- SHA256
  
  4a81ce0f9509209d165ced40e60e7d0a660ec802675cfff1906b375cd2119bbc
- SHA512
  
  d7d7562cda0fdd47c0c4de6d456c11e086c030206f0beb6d7b45a30dc2c8f0319f549b5630f1a72cacdb3abc695eb971820b6bd64ea384c909845c66bb0a780a
- SSDEEP
  
  1536:3CoqsGR4eB3g0Vmh1IxIpC8JzL9VE8amFZP7R3X:Soqs2Twh6P8JzLJ9ZP7R3X
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (132278) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdiscovery

© 2018-2024

Terms | Privacy