General
-
Target
sora.x86.elf
-
Size
27KB
-
Sample
240406-zfvkvabc37
-
MD5
942eba31a8e9cbde22fc2de5ab05cc90
-
SHA1
a98047a0adbce66db15ea1bd2f3f5cd44c07bf9e
-
SHA256
74bb741d1ef5daf00503eed906a39ad589bd94bab2817b6c78fce56582bc462c
-
SHA512
6d41672c25b6e920f757dd5c7589ec4a7819affae4f6a54607638c3108a114ca0fcc7bdda00011e7265c9279e6acfa81e934e5713977b46f07c47bbdcfb25cf0
-
SSDEEP
384:Ms79WXUx5+bkbRaliVErjrL9VD9jPwrSaf5bwIB5/8x2BYFydHY0sNDZvzbSNHc2:X5+Kcrb9VDJef5Q2PdHuzb8HoEPbdi8
Malware Config
Extracted
mirai
SORA
Targets
-
-
Target
sora.x86.elf
-
Contacts a large number (89233) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-