Analysis

  • max time kernel
    0s
  • max time network
    155s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    08/12/2024, 13:01

General

  • Target

    sora.arm7.elf

  • Size

    51KB

  • MD5

    2182898ddf91a14ea5b863aa2158bb1a

  • SHA1

    80f4968706df66ef32ee218fb0395c2b804d6cb2

  • SHA256

    88abb772ce3cd6c61be1b3d70b7c1f3dab254cb7f06c090aec827b1d0b022954

  • SHA512

    628f7cc1294c47712fb4cb5c215506b41da560bca59386958022fe341aeccbbe4545d29e0970ae4c472a07a39a64f3f7f5bc11caa0f48f11217f39b1e0e531c8

  • SSDEEP

    1536:d9O/ZMAXIxNUk0ULcPqF1aBexo4opKZbT:d9O/ZNKywLGqFUF6

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sora.arm7.elf
    /tmp/sora.arm7.elf
    • Reads runtime system information
    PID:707

Network

MITRE ATT&CK Matrix
