General

  • Target

    sora.mpsl.elf

  • Size

    115KB

  • Sample

    241111-trclhsvjej

  • MD5

    778507ecdcad45e9df4cf23e313d7f07

  • SHA1

    78f95c2087ede31eca55407e454a7595ec58d185

  • SHA256

    b8f28a459204f5e9ba65fe67e6cc38c1c242763c76e166983039f2cdccdbadf7

  • SHA512

    9f191d9115800e86f02bb66151bbb5aaa469ae693ea62034a7fdb870bccd5c7e9474804bef098effba3e16b24e775d8b8a64025aa84967a9b9000bbb369c1cec

  • SSDEEP

    1536:MdyRfyxiqiSf7A1SsdALwsvPTPaXf2TjGMYqlub1gwZJ6im9SKCVD5X:MkRoiqiO9sdpRbql61gwgq5X

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    SORA

Targets

    • Contacts a large (49551) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
