Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    23-11-2024 15:17

General

  • Target

    sora.arm6.elf

  • Size

    31KB

  • MD5

    db69ba03ae61598b16a347ce6d8f836c

  • SHA1

    776483947b042d186a2a9149f46820a48e4b9b82

  • SHA256

    e7f239d12a3a99b4bf6f9df7289fabe1186f60707376a1a7dd6f76e955834e10

  • SHA512

    826a6b2b0cbf7f9802ce29ac499e449a90d1a6f6b54529b68431150db149692616325806f59cda088e82bc9dd1737e5f9fe841a6b1a9b6e16b2805b83e238398

  • SSDEEP

    768:n8Lm6COq1fewdHy62pud4yNOYSOyB8Lri9q3UELdF:8LJCmjpkcMKUDLL

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sora.arm6.elf
    /tmp/sora.arm6.elf
    • Reads runtime system information
    PID:657

Network

MITRE ATT&CK Matrix


Downloads

  • memory/657-1-0x00008000-0x0002da90-memory.dmp