mirai | 364f7fe3057b53003ddab6d8c62521742056da6e82136122a4b90b0e2149e1bb | Triage

Submit
Reports

Overview

overview

Static

static

7

sora (2).mips

debian-9-mips

Sharing

General

Target

sora (2).mips
Size

28KB
Sample

240416-3vv2psfh29
MD5

b0444754143459607a045828a67e33c7
SHA1

05db402433355d47c7f066c0d93a91bc4c0d714e
SHA256

364f7fe3057b53003ddab6d8c62521742056da6e82136122a4b90b0e2149e1bb
SHA512

74bcaa66280699be37dae3e09add215f93da282276990ce33c76d4e4f49219dad11b92c0e34198f4225733cc75bdc92bbbba2a4108cbc868e8d4edb7fd4982de
SSDEEP

768:E4ylAtv6pqLJM0RXaxGyUbXtheU/Sf9IJgGlzDpbuR1JE:XMBqTRXa+Zhr/RVJuG

Score

10^/10

mirai sora botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora (2).mips

Resource

debian9-mipsbe-20240226-en

mirai sora botnet discovery

debian-9-mips

8 signatures

30 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora (2).mips
- Size
  
  28KB
- MD5
  
  b0444754143459607a045828a67e33c7
- SHA1
  
  05db402433355d47c7f066c0d93a91bc4c0d714e
- SHA256
  
  364f7fe3057b53003ddab6d8c62521742056da6e82136122a4b90b0e2149e1bb
- SHA512
  
  74bcaa66280699be37dae3e09add215f93da282276990ce33c76d4e4f49219dad11b92c0e34198f4225733cc75bdc92bbbba2a4108cbc868e8d4edb7fd4982de
- SSDEEP
  
  768:E4ylAtv6pqLJM0RXaxGyUbXtheU/Sf9IJgGlzDpbuR1JE:XMBqTRXa+Zhr/RVJuG
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (10565) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraisorabotnetdiscovery

© 2018-2024

Terms | Privacy