General

  • Target

    anarchy.arm.elf

  • Size

    54KB

  • Sample

    241121-2b8m1sylcs

  • MD5

    7630793c748482bc6ece5a6ab21a27e5

  • SHA1

    99dfad27c3fda13775e1620051e15d7e1a80e99d

  • SHA256

    e3e136d2adf979b6a10acdc6f897a1531ed36aa25a8b31b55d6f17638e1b515a

  • SHA512

    d99991973830f95a9b809e7ac33342348540858b3ffac32f4cd0cb481c6645fecd589a0287899fdac26ee34e6997bbaa88d6cc4af8b8e81af402b631f3099963

  • SSDEEP

    1536:myOl/Ry4OOcUV89GXChSDvAXIaHNIPtv3:myAPQ9GX1DFatC3

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    SORA

Targets

    • Target

      anarchy.arm.elf

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
