mirai | 8a656b7b345137960d2f778951588d8c4f98d0756c951368cd9eaf80525f1638 | Triage

Sharing

General

Target

sora(1).x86
Size

89KB
Sample

240424-xxwhcsff5t
MD5

1b8e211fd4ca86563894bfd01a675f8c
SHA1

bf757c67129bda9bb3e47e2d3dccdc543feada97
SHA256

8a656b7b345137960d2f778951588d8c4f98d0756c951368cd9eaf80525f1638
SHA512

3b22a60ef3a9b3c2f1c072bc63a2ea838667e0fbbfc3b8a9c18d2e949172c7485f8c8092b3902ab2b698106df0ec7fdfde1ec7b5c1f8cb8adb032fbdb20aac73
SSDEEP

1536:xiojfDpCp8gCn5o9pnFKP91HKCmrxHYy3SvIvlZ2J+rniSrJAQrE3LF:0ojfDpC8gCnKLFKP91HK7rxnpltr9eQe

Score

10^/10

mirai sora discovery linux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora(1).x86
- Size
  
  89KB
- MD5
  
  1b8e211fd4ca86563894bfd01a675f8c
- SHA1
  
  bf757c67129bda9bb3e47e2d3dccdc543feada97
- SHA256
  
  8a656b7b345137960d2f778951588d8c4f98d0756c951368cd9eaf80525f1638
- SHA512
  
  3b22a60ef3a9b3c2f1c072bc63a2ea838667e0fbbfc3b8a9c18d2e949172c7485f8c8092b3902ab2b698106df0ec7fdfde1ec7b5c1f8cb8adb032fbdb20aac73
- SSDEEP
  
  1536:xiojfDpCp8gCn5o9pnFKP91HKCmrxHYy3SvIvlZ2J+rniSrJAQrE3LF:0ojfDpC8gCnKLFKP91HK7rxnpltr9eQe
Score

9^/10

discovery
- Contacts a large (2318) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1