Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/gwX4DFn6ue.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.fp4DJdWBoT /tmp/tmp.8HjWXLsyfB /tmp/tmp.nLnZo31oWc

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.fp4DJdWBoT

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.fp4DJdWBoT

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.fp4DJdWBoT /tmp/tmp.8HjWXLsyfB /tmp/tmp.nLnZo31oWc

There are 11 hidden processes, click here to show them.

URLs

Name

Malicious

https://motd.ubuntu.com/

54.171.230.55

Details

Name:	https://motd.ubuntu.com/
IP:	54.171.230.55
TargetID:	-1
From Memory:	false
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

54.247.62.1

unknown

United States

Details

IP:	54.247.62.1
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

560f8f805000

page read and write

7ffcdc13d000

page read and write

560f9181a000

page read and write

7f10a6ee1000

page read and write

7f10a70c2000

page read and write

7f0fa0027000

page execute read

7f10a6905000

page read and write

7f10a6b93000

page read and write

7f10a65a3000

page read and write

560f8f7fc000

page read and write

560f91f42000

page read and write

560f91803000

page execute and read and write

7f10a6cff000

page read and write

7f10a0021000

page read and write

7f10a720f000

page read and write

7f10a6511000

page read and write

7f10a6b70000

page read and write

7ffcdc1b6000

page execute read

7f0fa005a000

page read and write

7f10a7254000

page read and write

7f109f7fe000

page read and write

7f10a5d09000

page read and write

560f8f5ab000

page execute read

7f109ffff000

page read and write

7f10a71eb000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
gwX4DFn6ue.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportgwX4DFn6ue.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
gwX4DFn6ue.elf