General
Target: sora (2).mips
Size: 28KB
Sample: 240416-3vv2psfh29
MD5: b0444754143459607a045828a67e33c7
SHA1: 05db402433355d47c7f066c0d93a91bc4c0d714e
SHA256: 364f7fe3057b53003ddab6d8c62521742056da6e82136122a4b90b0e2149e1bb
SHA512: 74bcaa66280699be37dae3e09add215f93da282276990ce33c76d4e4f49219dad11b92c0e34198f4225733cc75bdc92bbbba2a4108cbc868e8d4edb7fd4982de
SSDEEP: 768:E4ylAtv6pqLJM0RXaxGyUbXtheU/Sf9IJgGlzDpbuR1JE:XMBqTRXa+Zhr/RVJuG

Malware Config
Extracted
mirai
SORA

Targets
Target: sora (2).mips

Contacts a large (10565) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.