Analysis
max time kernel: 1s
max time network: 124s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 20-08-2023 19:51
General
Target: sora.arm7.elf
Size: 51KB
MD5: 16602ed96cc40e153ae7809f45a3e9fd
SHA1: 3cddcb8d15e6f89c37b5463cd9fef01dcc127126
SHA256: 4827ae8417e5d8972bae4cc021438fa44fad91c568e6c7067f55dbc21b6e4036
SHA512: ca7c0c741e0e6831681f68c4b2a8f0b22ed97f23cb76b8ecd0a98336d42ccc73c1441fc0019784fbe8561b6e16102bd43a541fca46e93b9261833c38e37622e9
SSDEEP: 768:LBbPpQwNueqlA/gS8wgXFuCAIDRFLoBco5mlS9q3UELjCHVIpH3UQJc2ZVYCYjKN:B+wg7A/ww96joZuHLm1IpXVJc21+3on1
Malware Config
Extracted
Family: mirai
Botnet: SORA
Signatures
Changes its process name (1 IoCs)
Processes: sora.arm7.elf
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: 50nm103oenjkhpe44c
  pid: 367
  process: sora.arm7.elf
Reads runtime system information (1 IoCs)
Reads data from /proc virtual filesystem.
Processes: sora.arm7.elf
  description: File opened for reading
  ioc: /proc/self/exe
  process: sora.arm7.elf