Malware Analysis Report

2024-11-13 13:12

Sample ID 240803-f947lavcqq
Target 709-1-0x00008000-0x0002db14-memory.dmp
SHA256 b71c27c1fa2860e3ee58bdbf694776cd52155b1735e32ef24426037882ba43bb
Tags sora mirai
Score 10/10

Analysis Overview

Score

10/10

SHA256

b71c27c1fa2860e3ee58bdbf694776cd52155b1735e32ef24426037882ba43bb

Threat Level: Known bad

The file 709-1-0x00008000-0x0002db14-memory.dmp was found to be: Known bad.

Malicious Activity Summary

sora mirai

Mirai family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-08-03 05:35

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-03 05:35

Reported

2024-08-03 05:38

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

175s

Command Line

[/tmp/709-1-0x00008000-0x0002db14-memory.dmp]

Signatures

N/A

Processes

/tmp/709-1-0x00008000-0x0002db14-memory.dmp

[/tmp/709-1-0x00008000-0x0002db14-memory.dmp]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

N/A