Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sYlwfFFwFb.elf

ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy:	6.1268303176256484
Filename:	sYlwfFFwFb.elf
Filesize:	91276
MD5:	954e3deebe9a4c80d0c77efd860c6ca2
SHA1:	a633575ae42112c567aa0374448fbfcd62793e53
SHA256:	20e4d5fc1151694a4c95b2798325c64a46ce55420f333b81a9ec8b3854314a3b
SHA512:	6301a95a9a4e17d1d2ad3bfb5b960a5ccc94d30efe023f195ccd1655605580b3ad32192a3ea3218ac6c9bf5761e2c37fcfa92e6d0c1c145b862a227d9c7efb10
SSDEEP:	1536:RW+K+V0Sli9mz+W/uatkL2vGTQ4l9GXh75K4q2tjr:gUWmqlTVl0XhVKsr
Preview:	.ELF...........................4..b......4. ...(......................Y0..Y0..............`...`...`.......&.........dt.Q................................@..(....@.N.................#.....b...`.....!..... ...@.....".........`......$ ... ...@...........`....

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Yara signature match	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/tmp/qemu-open.17RnHs (deleted)

ASCII text

dropped

Details

File:	/tmp/qemu-open.17RnHs (deleted)
Category:	dropped
Dump:	qemu-open.17RnHs (deleted).16.dr
ID:	dr_0
Target ID:	16
Process:	/tmp/sYlwfFFwFb.elf
Type:	ASCII text
Entropy:	3.5570175927487178
Encrypted:	false
Ssdeep:	6:MGDFgwgA08Pj/VUT4DFgwgA02AT/VfKoO/VNfiY/VH:MCC00jcC00r6l
Size:	275
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sYlwfFFwFb.elf

IPs

Domain

Country

Malicious

145.155.255.155

unknown

Netherlands

122.249.144.174

unknown

Japan

100.163.223.215

unknown

United States

212.168.154.122

unknown

Germany

36.172.162.119

unknown

China

146.128.11.229

unknown

United States

203.120.137.163

unknown

Singapore

124.225.111.154

unknown

China

71.236.205.139

unknown

United States

175.36.0.196

unknown

Australia

208.105.0.121

unknown

United States

146.248.56.174

unknown

Switzerland

24.255.166.25

unknown

United States

144.22.49.239

unknown

Costa Rica

207.137.79.203

unknown

United States

19.197.165.19

unknown

United States

23.36.14.145

unknown

United States

147.162.189.27

unknown

Italy

57.147.55.149

unknown

Belgium

81.235.23.41

unknown

Sweden

203.207.38.161

unknown

Taiwan; Republic of China (ROC)

216.40.58.2

unknown

United States

94.128.36.113

unknown

Kuwait

99.96.36.137

unknown

United States

39.106.110.74

unknown

China

91.223.243.40

unknown

Estonia

19.94.30.244

unknown

United States

119.67.50.131

unknown

Korea Republic of

136.32.207.14

unknown

United States

193.206.84.170

unknown

Italy

114.122.72.245

unknown

Indonesia

222.50.224.20

unknown

China

189.233.26.127

unknown

Mexico

122.157.158.95

unknown

China

154.27.158.201

unknown

United States

16.60.141.52

unknown

United States

9.64.243.95

unknown

United States

23.44.156.67

unknown

United States

105.167.98.144

unknown

Kenya

90.228.7.14

unknown

Sweden

111.24.180.241

unknown

China

35.68.160.54

unknown

United States

141.36.138.37

unknown

Germany

161.60.167.63

unknown

United States

112.113.215.222

unknown

China

217.80.47.219

unknown

Germany

219.179.87.96

unknown

Japan

123.157.211.207

unknown

China

200.28.64.233

unknown

Chile

108.135.99.95

unknown

United States

115.13.178.126

unknown

Korea Republic of

250.51.125.65

unknown

Reserved

162.118.164.97

unknown

United States

14.33.47.218

unknown

Korea Republic of

208.255.76.224

unknown

United States

162.114.123.192

unknown

United States

117.46.46.117

unknown

Japan

96.209.148.223

unknown

United States

44.114.179.252

unknown

United States

190.0.12.246

unknown

Colombia

66.0.222.71

unknown

United States

13.219.95.246

unknown

United States

222.4.245.75

unknown

Japan

198.15.50.168

unknown

Australia

98.229.39.176

unknown

United States

155.135.68.72

unknown

United States

179.158.195.248

unknown

Brazil

72.194.18.202

unknown

United States

106.70.232.100

unknown

Australia

170.121.203.218

unknown

United States

247.4.124.150

unknown

Reserved

65.243.5.148

unknown

United States

103.227.88.109

unknown

Hong Kong

32.174.55.218

unknown

United States

136.67.15.243

unknown

United States

155.161.132.179

unknown

United States

210.35.196.46

unknown

China

213.174.240.235

unknown

Austria

122.148.156.35

unknown

Australia

150.60.198.82

unknown

Japan

47.22.179.51

unknown

United States

160.232.44.191

unknown

United States

206.116.126.246

unknown

Canada

165.186.106.195

unknown

Korea Republic of

190.59.122.171

unknown

Trinidad and Tobago

166.30.87.36

unknown

United States

194.91.203.62

unknown

Japan

16.169.52.230

unknown

United States

13.76.64.165

unknown

United States

213.7.29.116

unknown

Cyprus

75.27.117.86

unknown

United States

180.166.5.102

unknown

China

157.105.38.113

unknown

Japan

218.71.71.211

unknown

China

212.10.113.188

unknown

Denmark

2.160.99.144

unknown

Germany

91.133.239.15

unknown

Iran (ISLAMIC Republic Of)

8.47.122.20

unknown

United States

74.175.250.129

unknown

United States

79.184.13.208

unknown

Poland

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7f76f8027000

page execute read

7f76f8027000

page execute read

55b2dce1e000

page read and write

55b2da0c9000

page execute read

55b2da2f7000

page read and write

7ffea3532000

page read and write

7f77f8000000

page read and write

7f76f803b000

page read and write

7f77fd705000

page read and write

7ffea3532000

page read and write

7f77fd82e000

page read and write

55b2dc2fe000

page execute and read and write

7f77fd3ba000

page read and write

7f77fcd44000

page read and write

7f76f8038000

page read and write

7f77fcd36000

page read and write

7f77fc533000

page read and write

7f77fcd36000

page read and write

55b2dc315000

page read and write

7f77fc533000

page read and write

7ffea357c000

page execute read

7f77fd395000

page read and write

7f77f8021000

page read and write

7f77fcd44000

page read and write

7f77fd87b000

page read and write

7f77fd3ba000

page read and write

7f77fd82e000

page read and write

7f77fd395000

page read and write

7f77f8021000

page read and write

7f77fcfd3000

page read and write

7ffea357c000

page execute read

7f77f8000000

page read and write

55b2dc315000

page read and write

7f77fd87b000

page read and write

7f77fd705000

page read and write

7f77fd836000

page read and write

7f77fd836000

page read and write

55b2dc2fe000

page execute and read and write

7f77fcfd3000

page read and write

55b2da300000

page read and write

55b2da0c9000

page execute read

7f76f8038000

page read and write

55b2dce1e000

page read and write

7f76f803b000

page read and write

55b2da300000

page read and write

55b2da2f7000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sYlwfFFwFb.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportsYlwfFFwFb.elf

Files

Processes

IPs

Memdumps

IOC Report
sYlwfFFwFb.elf