General

  • Target

    DEMONS.x86.elf

  • Size

    48KB

  • Sample

    250102-pz7peavpfq

  • MD5

    710aa4b7fe1bd6f95c06e993b767a7cb

  • SHA1

    5c3ab7f8799af46fb766155e1a3ced18992992f4

  • SHA256

    5cdc21593c56cc3126b331cbe3fdbfef468feeefb3ee490623a1c9b9338425d5

  • SHA512

    c37914df3f4c859ee5bbe9b36e248aea0693a5d51353a37dc51f5af2f93169bd96c651af059e5331e8d1f7791d1e5720a23e55759696861f0b5338cb3362fc77

  • SSDEEP

    1536:R4siMVoqpRt1+fj4btHOQdaYYZ5IwgJb4aq:9VoyX1+fj4bBPM/ixbjq

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

    • Target

      DEMONS.x86.elf

    • Score

      9/10

    • Contacts a large (343679) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
