mirai | ce28f399bd7c307a8b9b59a8b3e8d49d709e9edbb927bc3dbb6a53dff9cb50d2 | Triage

Submit
Reports

Overview

overview

Static

static

5

sora.arm.elf

debian-9-armhf

Sharing

General

Target

sora.arm.elf
Size

26KB
Sample

241123-sk6eksxjex
MD5

0ece4cd98d4c079c639b2186bc43b645
SHA1

48e53df0aa883a5b5c2e61f495b6e8494b713c60
SHA256

ce28f399bd7c307a8b9b59a8b3e8d49d709e9edbb927bc3dbb6a53dff9cb50d2
SHA512

fe36e497f616e1579d7b0c1af1f71c55f010775789bc84a3a41f1a592f37557124e42569dab53f3548807b4bf443fac3d540aa7eb5c9a6619687acaaf4f64bd8
SSDEEP

768:AjKX9vt6GqA3Q0jzV7EUyUq9ESvs3Uoz3:AjqtBqoB7EUBxSiz3

Score

10^/10

mirai sora botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sora.arm.elf

Resource

debian9-armhf-20240611-en

mirai sora botnet defense_evasion discovery

debian-9-armhf

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  sora.arm.elf
- Size
  
  26KB
- MD5
  
  0ece4cd98d4c079c639b2186bc43b645
- SHA1
  
  48e53df0aa883a5b5c2e61f495b6e8494b713c60
- SHA256
  
  ce28f399bd7c307a8b9b59a8b3e8d49d709e9edbb927bc3dbb6a53dff9cb50d2
- SHA512
  
  fe36e497f616e1579d7b0c1af1f71c55f010775789bc84a3a41f1a592f37557124e42569dab53f3548807b4bf443fac3d540aa7eb5c9a6619687acaaf4f64bd8
- SSDEEP
  
  768:AjKX9vt6GqA3Q0jzV7EUyUq9ESvs3Uoz3:AjqtBqoB7EUBxSiz3
Score

10^/10

mirai sora botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (162826) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscovery

© 2018-2024

Terms | Privacy