General

  • Target

    sora.x86-20240504-0115.elf

  • Size

    28KB

  • Sample

    240504-bmsg3ahe4y

  • MD5

    0ca39c1b328d747ac31adaa7fd9e3ccc

  • SHA1

    3e8ffd968c12abe2512780032a683b5ff2d02a99

  • SHA256

    53e90a6bf08a11c8b3f1fe35f33a07f9529266fc0a8fb5f21b93a36a6b72f382

  • SHA512

    5b9671da2d811fb5feff09fe79ead709783c1ab7830400517410de64cbc0ba65140e301e7ab6949488dfffc0881785dd7f6b231063220d28188e44b5fb94a456

  • SSDEEP

    768:G0HNHw3O3HymrAR4eRKd/zPr7gvXldyYylP3b0gGeXtJ+24:GYNHBAjABPctyP3b0gGAL4

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      sora.x86-20240504-0115.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (20550) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15