Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/AkV7DALWTe.elf

Domains

Name

Malicious

kovey.mezo-api.xyz

45.131.111.219

kovey.mezo-api.xyz.; fJ66a/PV!E(j5OXv; fLOOPV!a/EAI@@

unknown

kovey.mezo-api.xyz.; f66a/PV!E(W95l; f\OOPV!a/EA_@@

unknown

kovey.mezo-api.xyz.U; f66a/PV!E(958NCU; fJJPV!a/E<:@@

unknown

kovey.mezo-api.xyz.; fh66a/PV!E(o@:>5CyQ; fiOOPV!a/EA|@@j

unknown

kovey.mezo-api.xyz.U; f?66a/PV!E(&(:5CU; fsOOPV!a/EAp@@v

unknown

kovey.mezo-api.xyz.; fIZ66a/PV!E(!:5; f[OOPV!a/EA,@@

unknown

kovey.mezo-api.xyz.U; f66a/PV!E(vw:75CU; fOOPV!a/EA_@@

unknown

kovey.mezo-api.xyz.v; f66a/PV!E(59y-5,`"=v; fOOPV!a/EA@@E

unknown

kovey.mezo-api.xyz.; fd66a/PV!E(c:5c?; fdJJPV!a/E<l @@n

unknown

kovey.mezo-api.xyz.; f3A66a/PV!E(ij5(H; f!BOOPV!a/EA@@d

unknown

kovey.mezo-api.xyz.; f866a/PV!E(fj5zQ; f~8OOPV!a/EA@@P

unknown

kovey.mezo-api.xyz.; f66a/PV!E(Ni9`5; fPOOPV!a/EA@@G

unknown

kovey.mezo-api.xyz.; fr66a/PV!E(:i5Z; ftOOPV!a/EA@@S

unknown

kovey.mezo-api.xyz.; f66a/PV!E(9?5@Q; f?OOPV!a/EA@@_

unknown

kovey.mezo-api.xyz.; fj66a/PV!E(:P5DQ; fJJPV!a/E<{@@-

unknown

kovey.mezo-api.xyz.v; fD66a/PV!E(:d5"=v; fOOPV!a/EA@@+

unknown

kovey.mezo-api.xyz.; fq66a/PV!E($j[594; fmOOPV!a/EA@@b

unknown

kovey.mezo-api.xyz.; f~66a/PV!E(95]; f~JJPV!a/E<@@

unknown

kovey.mezo-api.xyz.v; fI66a/PV!E(Z8:S5l "=v; fKOOPV!a/EA@@O

unknown

kovey.mezo-api.xyz.; f66a/PV!E(95Q; f_OOPV!a/EA@@T

unknown

kovey.mezo-api.xyz.; f66a/PV!E(&:5C; fOOPV!a/EA1@@

unknown

kovey.mezo-api.xyz.v; fz66a/PV!E(9k9u5"=v; fC{OOPV!a/EA@@A

unknown

kovey.mezo-api.xyz.T; f66a/PV!E(95"dCT; fOOPV!a/EAT@@

unknown

kovey.mezo-api.xyz.v; f66a/PV!E(:;5"=v; fTJJPV!a/E<N@@

unknown

kovey.mezo-api.xyz.U; fb66a/PV!E(:%5CU; fOOPV!a/EAY@@

unknown

There are 16 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

45.131.111.219

kovey.mezo-api.xyz

Germany

Details

IP:	45.131.111.219
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	398373
ASN name:	SERVERDESTROYERSUS
Private:	false
Domain:	kovey.mezo-api.xyz

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8057000

page execute read

Details

Name:	5460.1.0000000008048000.0000000008057000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	8057000
Size:	61440

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

9249000

page read and write

805a000

page read and write

8058000

page read and write

ffee7000

page read and write

f7fcb000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
AkV7DALWTe.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAkV7DALWTe.elf

Processes

Domains

IPs

Memdumps

IOC Report
AkV7DALWTe.elf