Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

E0sl4ONdra.elf

ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	5.6452856872755035
Filename:	E0sl4ONdra.elf
Filesize:	108964
MD5:	362b760141ac8e22dabe55cc65e2e598
SHA1:	00f554b3dcdc377f5ddd96a3b684685dfb9f683b
SHA256:	2c0f0b2616d7e56f5f82d05e35d28be44d1187ccab83e62dcfe1a82569198817
SHA512:	ae794489e60f3e47c9337c540c059db7caeb9b88447e7b8e3715da0b0287597066308bd2f2421fdbed68480e4d529f0b95dd99e92aa687c971d4c4f6c212d85a
SSDEEP:	1536:sAcC99ax1OOEEXz4ZnMiNj7GY7GmFPCQvGgscOYgtZ8Tm:sZC99axQObiMiBogscO9om
Preview:	.ELF....................`.@.4...........4. ...(...............@...@...........................E...E.D....+..........Q.td...............................<\".'!......'.......................<8".'!... .........9'.. ........................<.".'!...$........~9

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Yara signature match	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/tmp/qemu-open.aBZOuJ (deleted)

ASCII text

dropped

Details

File:	/tmp/qemu-open.aBZOuJ (deleted)
Category:	dropped
Dump:	qemu-open.aBZOuJ (deleted).16.dr
ID:	dr_0
Target ID:	16
Process:	/tmp/E0sl4ONdra.elf
Type:	ASCII text
Entropy:	3.5633393614011144
Encrypted:	false
Ssdeep:	6:URd3d2Kmj//xT/VU8Vbs2Kmj7z/VDM/V+4D/VH:IV1mj/wEb2mj1MfF
Size:	281
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/E0sl4ONdra.elf

IPs

Domain

Country

Malicious

247.78.135.254

unknown

Reserved

223.162.206.96

unknown

China

84.80.44.220

unknown

Netherlands

202.166.225.25

unknown

China

110.225.150.238

unknown

India

152.47.196.75

unknown

United States

38.9.48.100

unknown

United States

167.8.33.28

unknown

United States

223.66.110.135

unknown

China

123.69.92.194

unknown

China

218.151.252.64

unknown

Korea Republic of

167.205.183.217

unknown

Indonesia

166.127.141.74

unknown

United States

171.206.181.132

unknown

United States

199.46.56.155

unknown

United States

89.19.50.213

unknown

United Kingdom

97.213.231.226

unknown

United States

250.52.163.120

unknown

Reserved

93.163.220.102

unknown

Denmark

167.229.131.162

unknown

United States

125.248.115.191

unknown

Korea Republic of

133.187.254.226

unknown

Japan

99.206.56.166

unknown

United States

79.124.212.101

unknown

Ukraine

201.172.45.45

unknown

Mexico

172.116.139.113

unknown

United States

2.98.84.0

unknown

United Kingdom

184.103.7.37

unknown

United States

219.179.242.106

unknown

Japan

250.66.38.9

unknown

Reserved

173.203.102.154

unknown

United States

205.147.235.15

unknown

United States

188.61.151.92

unknown

Switzerland

44.105.65.38

unknown

United States

87.117.138.144

unknown

Russian Federation

200.98.219.211

unknown

Brazil

166.100.241.221

unknown

Japan

39.103.164.0

unknown

China

43.143.26.45

unknown

Japan

113.2.57.86

unknown

China

219.246.105.250

unknown

China

115.143.142.74

unknown

Korea Republic of

45.93.168.232

unknown

Iran (ISLAMIC Republic Of)

109.95.3.189

unknown

Poland

135.180.152.255

unknown

United States

63.120.158.138

unknown

United States

27.185.11.90

unknown

China

133.27.84.127

unknown

Japan

74.98.157.12

unknown

United States

27.242.160.8

unknown

Taiwan; Republic of China (ROC)

9.153.138.10

unknown

United States

32.8.177.106

unknown

United States

66.48.47.114

unknown

United States

61.207.245.94

unknown

Japan

188.139.215.211

unknown

Syrian Arab Republic

118.198.166.237

unknown

China

76.163.41.173

unknown

United States

97.118.140.67

unknown

United States

40.122.251.108

unknown

United States

27.33.207.113

unknown

Australia

81.194.96.198

unknown

France

117.144.154.42

unknown

China

160.98.124.108

unknown

Switzerland

77.60.19.97

unknown

Netherlands

216.224.252.72

unknown

United States

165.138.30.194

unknown

United States

193.186.112.146

unknown

Austria

108.150.19.250

unknown

United States

98.167.233.137

unknown

United States

172.150.130.194

unknown

United States

43.110.37.143

unknown

Japan

20.79.32.78

unknown

United States

249.241.99.156

unknown

Reserved

121.95.0.34

unknown

Japan

57.5.138.254

unknown

Belgium

252.58.211.102

unknown

Reserved

219.118.227.191

unknown

Japan

169.135.216.28

unknown

United States

24.219.213.136

unknown

United States

157.91.133.208

unknown

United States

206.70.233.178

unknown

United States

88.23.223.149

unknown

Spain

9.254.39.208

unknown

United States

174.117.30.182

unknown

Canada

87.237.92.121

unknown

Germany

206.24.109.86

unknown

United States

5.140.74.159

unknown

Russian Federation

242.92.162.139

unknown

Reserved

81.70.1.127

unknown

China

163.21.10.200

unknown

Taiwan; Republic of China (ROC)

167.68.197.128

unknown

United States

241.143.37.26

unknown

Reserved

113.64.84.82

unknown

China

243.16.15.5

unknown

Reserved

23.50.13.102

unknown

United States

124.160.48.230

unknown

China

110.219.53.78

unknown

China

125.81.221.207

unknown

China

162.149.162.138

unknown

United States

37.151.78.129

unknown

Kazakhstan

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7f472441a000

page execute read

7f472441a000

page execute read

7ffe06bdc000

page execute read

5603c49d1000

page read and write

7f47aacd2000

page read and write

7f47ab1e4000

page read and write

7f47a4021000

page read and write

7f47aac92000

page read and write

5603c69cf000

page execute and read and write

7f47a4000000

page read and write

5603c473f000

page execute read

7f47aac92000

page read and write

5603c49d1000

page read and write

7f47a4021000

page read and write

7f472445b000

page read and write

7f472445b000

page read and write

7f47aacb5000

page read and write

7f47aacb5000

page read and write

7f47a9e2b000

page read and write

7f47aa641000

page read and write

7f47ab003000

page read and write

7f47ab35a000

page read and write

7f472445e000

page read and write

5603c69e6000

page read and write

7f47ab1e4000

page read and write

7f47a9e2b000

page read and write

7ffe06b92000

page read and write

7f47ab35a000

page read and write

7f47ab30d000

page read and write

7f47aa633000

page read and write

5603c49c7000

page read and write

5603c473f000

page execute read

7f47aacd2000

page read and write

7f47ab30d000

page read and write

7f47aa641000

page read and write

5603c718b000

page read and write

5603c69e6000

page read and write

7f47aa633000

page read and write

7f472445e000

page read and write

5603c718b000

page read and write

5603c49c7000

page read and write

7f47aa8f1000

page read and write

7f47a4000000

page read and write

7f47aa8f1000

page read and write

7ffe06bdc000

page execute read

7f47ab315000

page read and write

7f47ab315000

page read and write

7ffe06b92000

page read and write

7f47ab003000

page read and write

5603c69cf000

page execute and read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
E0sl4ONdra.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportE0sl4ONdra.elf

Files

Processes

IPs

Memdumps

IOC Report
E0sl4ONdra.elf