Analysis
max time kernel: 1s
max time network: 138s
platform: debian-12_armhf
resource: debian12-armhf-20240221-en
resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 02-08-2024 18:51
General
Target: sora.arm7.elf
Size: 51KB
MD5: 835a97ec3fbbc06d59f52a417acf636a
SHA1: c25c53393468bba777491ad0ef5310f11cd57bc4
SHA256: ddb07ed1f41dc60aa79794e3840d90403a519f6809062d09996295413f9ab80d
SHA512: dd57efe2fa8947579c800a7dca1e2c1bbd76bbffebe2e444afe61047e447062937b5e6d71f219d4917b8fecdcc7dbcbbc6d4c3324e58a46d55d8503140c46ad0
SSDEEP: 1536:69O/ZMAXIxNUk0j/dLcPqF1aBexo4opKZbI:69O/ZNKyPdLGqFUFN
Malware Config
Extracted
Family: mirai
Botnet: SORA
Signatures
Changes its process name (1 IoC)
Processes: sora.arm7.elf
description: Changes the process name, possibly in an attempt to hide itself
ioc: h2hmc0jnkkpbjn1ofc1
pid: 712
process: sora.arm7.elf
Reads runtime system information (1 IoC)
Reads data from /proc virtual filesystem.
Processes: sora.arm7.elf
description: File opened for reading
ioc: /proc/self/exe
process: sora.arm7.elf