Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

z0FwvGSnDF

ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy:	6.212564047873712
Filename:	z0FwvGSnDF
Filesize:	53056
MD5:	dafbf75b66b11d7d3b2dcd284c8ac302
SHA1:	d1736cc4d7efab8522907550ae0ad5c2e52b296e
SHA256:	a524c003fb6dda1f77eda693accef4fff0a0d9fbe7bb0dcfeaa319e526367258
SHA512:	808496017ae6c062911902ca70339272371723cdb979f7039cf13e46869557b33e3a9017f9738f7aaa6b35147eb09622195c564d599816be4e34848c7daf4022
SSDEEP:	768:mLGOe2kf9e9X9nbermI7vc59QPQs5gFHviPuzWeHXpi2UJTpDnH638gZ:mL/4f8F1ef0YgFvimzpZi2UJJnHY8w
Preview:	.ELF.......................D...4.........4. ...(.................................. ....................p.......... .dt.Q............................NV..a....da.....N^NuNV..J9...pf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........pN^NuNV..N^NuN

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery

/var/crash/_usr_share_apport_apport-checkreports.1000.crash

ASCII text

dropped

Details

File:	/var/crash/_usr_share_apport_apport-checkreports.1000.crash
Category:	dropped
Dump:	_usr_share_apport_apport-checkreports.1000.crash.14.dr
ID:	dr_0
Target ID:	14
Process:	/usr/share/apport/apport-checkreports
Type:	ASCII text
Entropy:	4.684276917760678
Encrypted:	false
Ssdeep:	192:FbsJrszJG+PFNL0aM3AhWAFRAWHzEimaKPIihbM:A6FNLBzEie2
Size:	14916
Whitelisted:	false
Reputation:	low

/var/crash/_usr_share_apport_apport-gtk.1000.crash

ASCII text

dropped

Details

File:	/var/crash/_usr_share_apport_apport-gtk.1000.crash
Category:	dropped
Dump:	_usr_share_apport_apport-gtk.1000.crash.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/share/apport/apport-gtk
Type:	ASCII text
Entropy:	4.499763637776248
Encrypted:	false
Ssdeep:	768:Jj/w9/Z///f/QNgrZaqGqdL/k7NA3GcA3l:JjC/Z///f/3aqGqdL/k7NA3GcA3l
Size:	47094
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/z0FwvGSnDF

/usr/bin/qemu-m68k /tmp/z0FwvGSnDF

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-checkreports

/usr/bin/python3 /usr/share/apport/apport-checkreports --system

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

There are 9 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

27.207.129.233

unknown

China

112.95.114.170

unknown

China

121.134.140.247

unknown

Korea Republic of

62.101.96.107

unknown

Italy

89.108.182.73

unknown

Lebanon

212.64.174.180

unknown

Spain

218.3.209.122

unknown

China

193.204.194.25

unknown

Italy

116.234.228.208

unknown

China

69.162.158.5

unknown

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

IPs