General
-
Target
sora.mpsl.elf
-
Size
29KB
-
Sample
240430-jm4jbsgb3z
-
MD5
725d881fd8101182d02cbf02c5ffc855
-
SHA1
aa512662f69dbe1204e02ff02c91a84d5f16b7c1
-
SHA256
e09c90f23193be2a7916a2f11a428c6a0aceab1c3722fca2404320456e97498c
-
SHA512
92d12582ace75378c59dc450119dda5d6d6f066c230328617c39950f9d0fe82a825ef9f75b1ff7a982b918c0262c8b4d063f2754f3d7f7a1be64426a3daac6c0
-
SSDEEP
384:Q8pVWtmRsLYEpB6V8S628FuRUuNJG9whQ3Cfbo6w+K95orjpF1RWGVCz0Nv8:FMYHb62x4ahQ3CfdwLjYdWl
Malware Config
Extracted
mirai
SORA
Targets
-
Contacts a large (172292) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-