General
-
Target
sora.mpsl.elf
-
Size
29KB
-
Sample
240630-hnmrjavbld
-
MD5
51d75490752ff6720566784cbb865bb4
-
SHA1
a9c7582e33a7533b0bb8f51bd1b64363aec8572c
-
SHA256
a9ef6557ac849b117330a96fa1a68f595f7f8706892047bd605750bf4e5c2fbb
-
SHA512
ed551a303f0f7c6bf349799d6cb07d3bf87d9c055797d8072af4a6c5d8d6bb4ba7ec6eb81593b6d24aae9454424c92587b5772b7d05fb90a14aa43c040de5969
-
SSDEEP
768:a1uUtLrVDsAp6tLIWmj3HfiM4o/6YGvVbWym/bs2JbsWU2:abDs06tURj5xXGvlKTs2g2
Malware Config
Extracted
mirai
SORA
Targets
-
-
Target
sora.mpsl.elf
-
Size
29KB
-
MD5
51d75490752ff6720566784cbb865bb4
-
SHA1
a9c7582e33a7533b0bb8f51bd1b64363aec8572c
-
SHA256
a9ef6557ac849b117330a96fa1a68f595f7f8706892047bd605750bf4e5c2fbb
-
SHA512
ed551a303f0f7c6bf349799d6cb07d3bf87d9c055797d8072af4a6c5d8d6bb4ba7ec6eb81593b6d24aae9454424c92587b5772b7d05fb90a14aa43c040de5969
-
SSDEEP
768:a1uUtLrVDsAp6tLIWmj3HfiM4o/6YGvVbWym/bs2JbsWU2:abDs06tURj5xXGvlKTs2g2
-
Contacts a large (48510) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-