General
- Target: sora.arm.elf
- Size: 26KB
- Sample: 240428-nz5z5sfa79
- MD5: 175c08a682551764a2d964e881fbf666
- SHA1: e963be733f2bfa5839bcc2ca5d864bf94162d4d5
- SHA256: aafe71a59c92c7a7feb8b1e9a4eba5832477f64ef47c20cbc5ccc9ea426b0680
- SHA512: 61c80f308b99752cd86be23b460c50700b9a4ce7306fa0652c8b510ae390f39a70a435cac59dedd63a6db4a261bb1f59a01e4dee29bb63c00477f35fcd2d7285
- SSDEEP: 384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plN9rhymdGUl:byNUQUfhQllxlaH0MFjlOnGs7s3Uoza
Malware Config
Extracted
mirai
SORA
Targets
- Target: sora.arm.elf
- Contacts a large (172397) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.