Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

zfehGxWbb4.elf

ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy:	6.392196313262695
Filename:	zfehGxWbb4.elf
Filesize:	85476
MD5:	8f6057d0c7aad5019ceebd394faccdc1
SHA1:	1e3d9a6f08fbc8bc4d76a67cd15f9b9def20b6ab
SHA256:	b908cfa9989fff008ce8f8dbc10582f91dc8ed29aad0940a3af90de2443c98de
SHA512:	83b635aa9b025cd13ebaf82c931729ec8c2a61e11d00ebc55fe4137eea36852a1f15fd59face80ab825dedde11387b5bf1b4c8ec447a2b48a365145da5c30f14
SSDEEP:	1536:vhtETs/Tnrt2o0FuekOlpls53aWa1Bq8NSLiO4LWgsH9YOKnPAtRSEZpZ:vXvtSFu6CYh1Buea7YBrEd
Preview:	.ELF.......................D...4..LT.....4. ...(......................I`..I`...... .......Id..id..id......&0...... .dt.Q............................NV..a....da...+`N^NuNV..J9..l.f>"y..i\| QJ.g.X.#...i\|N."y..i\| QJ.f.A.....J.g.Hy..I`N.X.......l.N^NuNV..N^NuN

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Yara signature match	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/tmp/qemu-open.qhCbmC (deleted)

ASCII text

dropped

Details

File:	/tmp/qemu-open.qhCbmC (deleted)
Category:	dropped
Dump:	qemu-open.qhCbmC (deleted).16.dr
ID:	dr_0
Target ID:	16
Process:	/tmp/zfehGxWbb4.elf
Type:	ASCII text
Entropy:	3.5716053289011684
Encrypted:	false
Ssdeep:	6:Yh4gDFZNQ3j/VUR4DFZN13j/VfKoO/VNfiY/VH:YhN1fRw113Kl
Size:	293
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/zfehGxWbb4.elf

IPs

Domain

Country

Malicious

209.19.202.105

unknown

United States

171.212.20.45

unknown

China

142.80.215.189

unknown

Canada

115.70.97.111

unknown

Australia

70.169.77.225

unknown

United States

8.63.103.123

unknown

United States

242.180.30.221

unknown

Reserved

197.132.217.154

unknown

Egypt

241.196.237.196

unknown

Reserved

148.64.185.204

unknown

United States

212.30.125.187

unknown

France

133.137.4.77

unknown

Japan

174.76.47.27

unknown

United States

188.102.19.137

unknown

Germany

115.169.55.139

unknown

China

193.38.245.172

unknown

124.225.233.87

unknown

China

82.25.135.13

unknown

United Kingdom

192.139.223.227

unknown

Canada

116.211.189.229

unknown

China

118.80.234.168

unknown

China

193.21.237.88

unknown

Germany

118.8.252.53

unknown

Japan

176.104.88.172

unknown

Spain

168.123.40.248

unknown

Guam

240.254.56.232

unknown

Reserved

253.138.115.225

unknown

Reserved

69.89.165.157

unknown

United States

242.186.81.88

unknown

Reserved

106.54.63.210

unknown

China

218.57.188.57

unknown

China

68.186.128.108

unknown

United States

115.18.198.32

unknown

Korea Republic of

195.52.179.48

unknown

Germany

204.162.204.254

unknown

United States

92.24.64.134

unknown

United Kingdom

133.188.80.64

unknown

Japan

201.27.115.39

unknown

Brazil

167.123.35.215

unknown

Australia

136.76.251.150

unknown

United States

110.61.10.59

unknown

China

163.237.249.174

unknown

United States

47.215.241.26

unknown

United States

130.251.152.19

unknown

Italy

27.65.117.218

unknown

Viet Nam

2.229.148.236

unknown

Italy

172.170.142.191

unknown

United States

100.169.210.152

unknown

United States

9.23.88.243

unknown

United States

152.252.1.42

unknown

Brazil

153.1.190.159

unknown

Finland

122.33.60.146

unknown

Korea Republic of

212.57.149.162

unknown

Russian Federation

66.240.47.80

unknown

United States

187.161.94.190

unknown

Mexico

182.107.224.104

unknown

China

14.238.153.6

unknown

Viet Nam

188.135.208.107

unknown

Italy

159.7.108.111

unknown

Sweden

38.21.136.31

unknown

United States

136.82.27.62

unknown

United States

24.87.37.2

unknown

Canada

160.78.224.28

unknown

Italy

109.205.250.70

unknown

Russian Federation

115.116.117.233

unknown

India

106.130.199.24

unknown

Japan

177.3.17.25

unknown

Brazil

207.185.118.211

unknown

United States

147.57.192.54

unknown

United States

66.7.38.146

unknown

United States

24.166.152.195

unknown

United States

35.210.16.66

unknown

United States

197.40.144.147

unknown

Egypt

244.210.21.73

unknown

Reserved

196.143.151.44

unknown

Egypt

250.32.103.215

unknown

Reserved

83.171.193.49

unknown

Lebanon

182.122.239.165

unknown

China

88.89.194.46

unknown

Norway

145.74.106.129

unknown

Netherlands

201.95.143.251

unknown

Brazil

152.54.238.186

unknown

United States

94.50.44.27

unknown

Russian Federation

194.165.156.253

unknown

Jordan

1.168.57.133

unknown

Taiwan; Republic of China (ROC)

41.110.216.179

unknown

Algeria

191.29.23.39

unknown

Brazil

208.63.21.91

unknown

United States

66.66.33.53

unknown

United States

117.192.26.234

unknown

India

246.101.85.53

unknown

Reserved

167.121.106.206

unknown

United States

78.145.86.2

unknown

United Kingdom

63.148.60.92

unknown

United States

37.222.227.77

unknown

Spain

184.16.65.218

unknown

United States

12.28.160.14

unknown

United States

24.115.119.53

unknown

United States

123.126.77.128

unknown

China

191.77.170.37

unknown

Colombia

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe4ac000000

page read and write

7ffc084f6000

page execute read

7fe4b271a000

page read and write

7fe4b25e9000

page read and write

7fe42c01b000

page read and write

7fe4b2279000

page read and write

7fe4b1c1a000

page read and write

55604a08d000

page execute and read and write

556047e55000

page execute read

55604a124000

page read and write

7fe42c018000

page read and write

7ffc084eb000

page read and write

7fe42c016000

page execute read

55604808f000

page read and write

7fe4b275f000

page read and write

7fe42c016000

page execute read

7fe4b1417000

page read and write

7fe4b2279000

page read and write

55604a124000

page read and write

7fe4b1c28000

page read and write

7fe4b229e000

page read and write

7fe4b25e9000

page read and write

7fe4b1c28000

page read and write

55604a08d000

page execute and read and write

55604808f000

page read and write

7ffc084eb000

page read and write

7fe4b271a000

page read and write

7fe4ac000000

page read and write

7fe42c018000

page read and write

7fe4b275f000

page read and write

7fe4ac021000

page read and write

7fe4b2712000

page read and write

7fe4b2712000

page read and write

7fe4b1417000

page read and write

7fe4b1c1a000

page read and write

7fe4b229e000

page read and write

55604b191000

page read and write

7fe4b1eb7000

page read and write

7fe4b1eb7000

page read and write

556047e55000

page execute read

55604b191000

page read and write

7fe42c01b000

page read and write

7ffc084f6000

page execute read

556048087000

page read and write

556048087000

page read and write

7fe4ac021000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zfehGxWbb4.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportzfehGxWbb4.elf

Files

Processes

IPs

Memdumps

IOC Report
zfehGxWbb4.elf