mirai | aafe71a59c92c7a7feb8b1e9a4eba5832477f64ef47c20cbc5ccc9ea426b0680 | Triage

Submit
Reports

Overview

overview

Static

static

7

sora.arm.elf

debian-9-armhf

Sharing

General

Target

sora.arm.elf
Size

26KB
Sample

240428-nz5z5sfa79
MD5

175c08a682551764a2d964e881fbf666
SHA1

e963be733f2bfa5839bcc2ca5d864bf94162d4d5
SHA256

aafe71a59c92c7a7feb8b1e9a4eba5832477f64ef47c20cbc5ccc9ea426b0680
SHA512

61c80f308b99752cd86be23b460c50700b9a4ce7306fa0652c8b510ae390f39a70a435cac59dedd63a6db4a261bb1f59a01e4dee29bb63c00477f35fcd2d7285
SSDEEP

384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plN9rhymdGUl:byNUQUfhQllxlaH0MFjlOnGs7s3Uoza

Score

10^/10

mirai sora botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.arm.elf

Resource

debian9-armhf-20240226-en

mirai sora botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.arm.elf
- Size
  
  26KB
- MD5
  
  175c08a682551764a2d964e881fbf666
- SHA1
  
  e963be733f2bfa5839bcc2ca5d864bf94162d4d5
- SHA256
  
  aafe71a59c92c7a7feb8b1e9a4eba5832477f64ef47c20cbc5ccc9ea426b0680
- SHA512
  
  61c80f308b99752cd86be23b460c50700b9a4ce7306fa0652c8b510ae390f39a70a435cac59dedd63a6db4a261bb1f59a01e4dee29bb63c00477f35fcd2d7285
- SSDEEP
  
  384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plN9rhymdGUl:byNUQUfhQllxlaH0MFjlOnGs7s3Uoza
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (172397) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraisorabotnetdiscovery

© 2018-2024

Terms | Privacy