Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.CCZ0GZYFXn /tmp/tmp.uAOKcDQXwM /tmp/tmp.ZsJD7a92tz

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.CCZ0GZYFXn

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.CCZ0GZYFXn

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.CCZ0GZYFXn /tmp/tmp.uAOKcDQXwM /tmp/tmp.ZsJD7a92tz

/tmp/B7cl2k3l7y.elf

There are 11 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	32
From Memory:	true
Current Path:	/tmp/B7cl2k3l7y.elf
Source:	B7cl2k3l7y.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55a256b92000

page read and write

7f6abbfff000

page read and write

55a25413b000

page read and write

7f6ac3852000

page read and write

7f6ac4371000

page read and write

7f6ac44be000

page read and write

7f69bc02d000

page read and write

7f6ac37c0000

page read and write

7f6ac3e1f000

page read and write

7f6ac2fb8000

page read and write

7f6abc021000

page read and write

7ffca7b56000

page read and write

55a253ee1000

page execute read

7f6ac3bb4000

page read and write

7f69bc01e000

page execute read

7f6ac3fae000

page read and write

55a256139000

page execute and read and write

7f6ac4503000

page read and write

7f6ac3e42000

page read and write

7f6ac449a000

page read and write

55a256150000

page read and write

55a254132000

page read and write

7ffca7ba7000

page execute read

7f6abb7fe000

page read and write

7f6ac4190000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
B7cl2k3l7y.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportB7cl2k3l7y.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
B7cl2k3l7y.elf