Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    01-08-2024 09:27

General

  • Target

    sora.mips

  • Size

    28KB

  • MD5

    5b85012f58e1be64429d67d61177c800

  • SHA1

    37508ee8f81e0f2cb4f37ade7e55d3d712e282c3

  • SHA256

    1b17f05fb9b14e2b14182e7d356a3b927c78b3d810cf96b779dad938f90bf5f0

  • SHA512

    20e6af316c290c581a56fc7f50c39eda29b4a79c4d505a0a7a53b27ed09b43ad13d5b2d26637b26eed9369a04b5239f740aa3e3ba576dc9d0dba7fe5fde0ba11

  • SSDEEP

    768:O4ylAtv6pqLJM0RXaxGyUbXtheU/SXB9QJgGlzDpbuR1Jk:RMBqTRXa+Zhr/PVJuS

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (49389) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 47 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sora.mips
    /tmp/sora.mips
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Changes its process name
    • Reads system network configuration
    • Reads runtime system information
    PID:708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/708-1-0x00400000-0x00454d70-memory.dmp