Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Uskdvdckvm.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/Uskdvdckvm.elf
Source:	Uskdvdckvm.elf
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/Uskdvdckvm.elf
Source:	Uskdvdckvm.elf
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

7fec1d4f3000

page read and write

7fec1ce71000

page read and write

7fec1d841000

page read and write

563a1afa0000

page read and write

7fec1cf03000

page read and write

7fec18021000

page read and write

7fec1db6f000

page read and write

7fec1da22000

page read and write

7fec1db4b000

page read and write

7feb18032000

page read and write

7fec1d265000

page read and write

7fff86595000

page execute read

7feb1803d000

page read and write

7fec1dbb4000

page read and write

563a1b4e6000

page read and write

7fec1c669000

page read and write

563a18d31000

page execute read

563a18f8b000

page read and write

7fff864cd000

page read and write

563a18f82000

page read and write

7fec17fff000

page read and write

7fec1d4d0000

page read and write

7feb18029000

page execute read

563a1af89000

page execute and read and write

7fec1d65f000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Uskdvdckvm.elf

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportUskdvdckvm.elf

Processes

URLs

Domains

Memdumps

IOC Report
Uskdvdckvm.elf