General
-
Target
sora.mpsl.elf
-
Size
29KB
-
Sample
241108-kh6nka1qcq
-
MD5
fb27d2d6655afb0c52fe8335431b05e4
-
SHA1
ddcb75720cc7751d631cce8d1d53216c2e0cc680
-
SHA256
9748be929e9d9f88ee59da091e7f0bc651f590b0d1ca97fa9d6239067cd32d9c
-
SHA512
8a58723c8ec0a8a1a70bcc14534358801c385a1bce876e883357849df0d7f2391df7b1479ac22de3d21564a9cd4bcde0d72d49403ac18727375959d3808509c8
-
SSDEEP
768:EUMbYiXNplakzb6LljVRElPOcGWdxgozuqivQ/iyCWU5:lMbRNpljwB8WodxBu2/iyk5
Behavioral task
behavioral1
Sample
sora.mpsl.elf
Resource
debian9-mipsel-20240226-en
Malware Config
Extracted
mirai
SORA
Targets
-
-
Target
sora.mpsl.elf
-
Size
29KB
-
MD5
fb27d2d6655afb0c52fe8335431b05e4
-
SHA1
ddcb75720cc7751d631cce8d1d53216c2e0cc680
-
SHA256
9748be929e9d9f88ee59da091e7f0bc651f590b0d1ca97fa9d6239067cd32d9c
-
SHA512
8a58723c8ec0a8a1a70bcc14534358801c385a1bce876e883357849df0d7f2391df7b1479ac22de3d21564a9cd4bcde0d72d49403ac18727375959d3808509c8
-
SSDEEP
768:EUMbYiXNplakzb6LljVRElPOcGWdxgozuqivQ/iyCWU5:lMbRNpljwB8WodxBu2/iyk5
Score10/10-
Mirai family
-
Contacts a large (41252) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-