Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/310kHPPXaM.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.TfkEzT1eOv /tmp/tmp.yJ2gDayQpJ /tmp/tmp.Ww0U5vbiaF

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.TfkEzT1eOv

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.TfkEzT1eOv

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.TfkEzT1eOv /tmp/tmp.yJ2gDayQpJ /tmp/tmp.Ww0U5vbiaF

There are 11 hidden processes, click here to show them.

URLs

Name

Malicious

https://motd.ubuntu.com/

34.254.182.186

Details

Name:	https://motd.ubuntu.com/
IP:	34.254.182.186
TargetID:	-1
From Memory:	false
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/310kHPPXaM.elf
Source:	310kHPPXaM.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

54.217.10.153

unknown

United States

34.254.182.186

unknown

United States

Details

IP:	34.254.182.186
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f0db800b000

page execute read

55d95709b000

page execute and read and write

7f0eaf9a9000

page read and write

7f0eb0ca4000

page read and write

7f0eb0449000

page read and write

7f0db800c000

page execute and read and write

7f0eb01ac000

page read and write

7f0ea8000000

page read and write

55d95509d000

page read and write

7f0ea8021000

page read and write

7f0db8024000

page read and write

7f0db8009000

page execute and read and write

55d9570b1000

page read and write

55d955095000

page read and write

55d954e12000

page execute read

7f0eb0b7b000

page read and write

7f0eb080b000

page read and write

55d957c52000

page read and write

7f0eb01ba000

page read and write

7f0eb0830000

page read and write

7f0db8011000

page execute and read and write

7ffe34fc6000

page execute read

7f0eb0cac000

page read and write

7f0db8010000

page execute read

7f0eb0cf1000

page read and write

7ffe34f49000

page read and write

7f0db8002000

page execute read

There are 17 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
310kHPPXaM.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report310kHPPXaM.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
310kHPPXaM.elf