Analysis

  • max time kernel
    1s
  • max time network
    138s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    02-08-2024 18:51

General

  • Target

    sora.arm7.elf

  • Size

    51KB

  • MD5

    835a97ec3fbbc06d59f52a417acf636a

  • SHA1

    c25c53393468bba777491ad0ef5310f11cd57bc4

  • SHA256

    ddb07ed1f41dc60aa79794e3840d90403a519f6809062d09996295413f9ab80d

  • SHA512

    dd57efe2fa8947579c800a7dca1e2c1bbd76bbffebe2e444afe61047e447062937b5e6d71f219d4917b8fecdcc7dbcbbc6d4c3324e58a46d55d8503140c46ad0

  • SSDEEP

    1536:69O/ZMAXIxNUk0j/dLcPqF1aBexo4opKZbI:69O/ZNKyPdLGqFUFN

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sora.arm7.elf
    /tmp/sora.arm7.elf
    1⤵
    • Changes its process name
    • Reads runtime system information
    PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/712-1-0x00008000-0x00029794-memory.dmp