General
-
Target
sora(1).x86
-
Size
89KB
-
Sample
240424-xxwhcsff5t
-
MD5
1b8e211fd4ca86563894bfd01a675f8c
-
SHA1
bf757c67129bda9bb3e47e2d3dccdc543feada97
-
SHA256
8a656b7b345137960d2f778951588d8c4f98d0756c951368cd9eaf80525f1638
-
SHA512
3b22a60ef3a9b3c2f1c072bc63a2ea838667e0fbbfc3b8a9c18d2e949172c7485f8c8092b3902ab2b698106df0ec7fdfde1ec7b5c1f8cb8adb032fbdb20aac73
-
SSDEEP
1536:xiojfDpCp8gCn5o9pnFKP91HKCmrxHYy3SvIvlZ2J+rniSrJAQrE3LF:0ojfDpC8gCnKLFKP91HK7rxnpltr9eQe
Behavioral task
behavioral1
Sample
sora(1).x86
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Extracted
mirai
SORA
Targets
Target
sora(1).x86
-
Score
9/10
-
Contacts a large (2318) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-