Overview

overview

10

Static

static

7

sora.x86.elf

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sora.x86.elf

  • Size

    39KB

  • Sample

    240423-mxtnnafe92

  • MD5

    be5a798817330425494809c2f5304d1c

  • SHA1

    0edb3f4395ec9a4c7c3f589e330eadf1b0457425

  • SHA256

    e46e14349d506e50bd7b0c760f86edfadbeb442f293ba6b5f41ddff0cb490caa

  • SHA512

    36f5cd0a076f0df9af7d2349dc8d3bb9269672f77f6e2ce7ca9031236294481a4537aceaf6f8f01c303aa2532a0063abc0fa671e5b54d3cc7d94b8862c3ce220

  • SSDEEP

    768:sgWRsr0BsMXlZu60wyvvt8SFl8Gkfe45ZjMqxLuEjqYHvlJ1dY1:sgWugBs6Qayvv/l8GmrZjMqxL1qYPlpK

Score
10/10
miraisorabotnetdiscoverylinuxupx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

    • Target

      sora.x86.elf

    • Size

      39KB

    • MD5

      be5a798817330425494809c2f5304d1c

    • SHA1

      0edb3f4395ec9a4c7c3f589e330eadf1b0457425

    • SHA256

      e46e14349d506e50bd7b0c760f86edfadbeb442f293ba6b5f41ddff0cb490caa

    • SHA512

      36f5cd0a076f0df9af7d2349dc8d3bb9269672f77f6e2ce7ca9031236294481a4537aceaf6f8f01c303aa2532a0063abc0fa671e5b54d3cc7d94b8862c3ce220

    • SSDEEP

      768:sgWRsr0BsMXlZu60wyvvt8SFl8Gkfe45ZjMqxLuEjqYHvlJ1dY1:sgWugBs6Qayvv/l8GmrZjMqxL1qYPlpK

    Score
    10/10
    miraisorabotnetdiscovery

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (86119) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks