Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

dvxuxG34sk.elf

ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy:	6.10534886576792
Filename:	dvxuxG34sk.elf
Filesize:	65460
MD5:	00d1f86f94f89a0bc157e9f9a0ba8902
SHA1:	11dad6f9edbd732549ae0c667d2d255c38c2f149
SHA256:	82e11ef42181a31afbba5cc941831b149dec6cd4ef5cdfedc7e6c27526b4dbb0
SHA512:	ffe309fefd72adf2848a88f160326c6e08eac9a6edef9614b0576756b345e7287c91fc44d2c3ff59bcd92c30499f8914342793e31b6ad5689fb38ee692cce8d8
SSDEEP:	1536:CbPSQeGdSkW14ZUDd7mgS2Dtsg756tl9ti:AKOBp4sgVsti
Preview:	.ELF...........................4.........4. ...(..........................................................%.........dt.Q................................@..(....@.4*................#.....a...`.....!....."...@.....".........`......$"..."...@...........`....

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Sample deletes itself	Hooking and other Techniques for Hiding and Protection	File Deletion
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Yara signature match	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/tmp/qemu-open.q0LbGq (deleted)

data

dropped

Details

File:	/tmp/qemu-open.q0LbGq (deleted)
Category:	dropped
Dump:	qemu-open.q0LbGq (deleted).12.dr
ID:	dr_0
Target ID:	12
Process:	/tmp/dvxuxG34sk.elf
Type:	data
Entropy:	4.481727678869737
Encrypted:	false
Ssdeep:	3:TgldQgWAJDiHJN:TgwgHNkJN
Size:	30
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/dvxuxG34sk.elf

Domains

Name

Malicious

kovey.mezo-api.xyz

45.131.111.219

Details

Name:	kovey.mezo-api.xyz
IP:	45.131.111.219
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS queries to domains with low reputation	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

45.131.111.219

kovey.mezo-api.xyz

Germany

Details

IP:	45.131.111.219
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	398373
ASN name:	SERVERDESTROYERSUS
Private:	false
Domain:	kovey.mezo-api.xyz

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3b24021000

page execute read

7f3c2b254000

page read and write

7f3c2b986000

page read and write

7f3c24000000

page read and write

7f3c2afc5000

page read and write

7ffe124e2000

page execute read

7f3c2afb7000

page read and write

7f3c2b63b000

page read and write

7f3c2b616000

page read and write

7f3c2baaf000

page read and write

7f3b24031000

page read and write

7f3c2bafc000

page read and write

7f3c2bab7000

page read and write

7f3b24034000

page read and write

55ad551ea000

page read and write

55ad571e8000

page execute and read and write

55ad571ff000

page read and write

55ad57d04000

page read and write

55ad54fb3000

page execute read

7ffe12481000

page read and write

7f3c24021000

page read and write

7f3c2a7b4000

page read and write

55ad551e1000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
dvxuxG34sk.elf

Files

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportdvxuxG34sk.elf

Files

Processes

Domains

IPs

Memdumps

IOC Report
dvxuxG34sk.elf