mirai | 674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337dd | Triage

Sharing

General

Target

NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf
Size

28KB
Sample

231015-r1bpgaga8s
MD5

1ae26d4273ba1b7645b3ea5a3174e60c
SHA1

e0689e490ab94ecf0d61778980ea7614fbd76657
SHA256

674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337dd
SHA512

2d9adad1fa23d0ac8981f6fbdbe622834c93d6f1e0c24dcc945f51e2be4c403a4bc25c674f2d743b040905aeab48f3b5a3190607ef59b347b30c2403e057942b
SSDEEP

768:5FqhCAkWQ04Blne1p1FZQwnm+l8RFBHZJgGlzDpbuR1J9:5shzk/rUdQwnm+l83BHLVJuP

Score

10^/10

mirai sora botnet upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  NEAS.674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337ddelf_JC.elf
- Size
  
  28KB
- MD5
  
  1ae26d4273ba1b7645b3ea5a3174e60c
- SHA1
  
  e0689e490ab94ecf0d61778980ea7614fbd76657
- SHA256
  
  674b7b0065541f6ad19e8f7548a3bc262977161d6a0f336765453d733e9337dd
- SHA512
  
  2d9adad1fa23d0ac8981f6fbdbe622834c93d6f1e0c24dcc945f51e2be4c403a4bc25c674f2d743b040905aeab48f3b5a3190607ef59b347b30c2403e057942b
- SSDEEP
  
  768:5FqhCAkWQ04Blne1p1FZQwnm+l8RFBHZJgGlzDpbuR1J9:5shzk/rUdQwnm+l83BHLVJuP
Score

10^/10

mirai sora botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnet