General
-
Target
sora.x86.elf
-
Size
27KB
-
Sample
230507-l9765sec68
-
MD5
b97bad82a026e34f3ad136af64dbac19
-
SHA1
0fe3fff5671d5f7c78051e5c1a4feacb21fec16e
-
SHA256
71e33db6119899d5f54b11f22bae9355559e073ede780c41e46c15dba607607f
-
SHA512
9f21f40967fa31d04cdfe9dded0768d8a9070992c2b3c4be0ec5d7f4daedba7ff60e6c874f85b6f36597b76ec2dff77ad23d2876ab902c9173da8acb921ad922
-
SSDEEP
768:u5+Kcrb9VDJee2KTgdTHOBcK5ZCAy71iC:hlrb9veKTg9QB5V8L
Malware Config
Extracted
mirai
SORA
Targets
-
Target
sora.x86.elf
-
Contacts a large (160679) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port was detected to servers other than the configured DNS servers.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-