General

  • Target

    sora.mpsl.elf

  • Size

    29KB

  • Sample

    241108-kh6nka1qcq

  • MD5

    fb27d2d6655afb0c52fe8335431b05e4

  • SHA1

    ddcb75720cc7751d631cce8d1d53216c2e0cc680

  • SHA256

    9748be929e9d9f88ee59da091e7f0bc651f590b0d1ca97fa9d6239067cd32d9c

  • SHA512

    8a58723c8ec0a8a1a70bcc14534358801c385a1bce876e883357849df0d7f2391df7b1479ac22de3d21564a9cd4bcde0d72d49403ac18727375959d3808509c8

  • SSDEEP

    768:EUMbYiXNplakzb6LljVRElPOcGWdxgozuqivQ/iyCWU5:lMbRNpljwB8WodxBu2/iyk5

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    SORA

Targets

    • Target

      sora.mpsl.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large (41252) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
