Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

ovLjmo5UoE

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	7.871362919929778
Filename:	ovLjmo5UoE
Filesize:	26184
MD5:	96468aa8293a504d9431860381691baf
SHA1:	a2e7baff712d4a1a41b2b83f60e0afcbaa774190
SHA256:	6596ffeba4d8ea7bc59db3f41d511c1241263f9dd3c01a5657c89279bc8c4fd5
SHA512:	459cade4bd23f5e3f7318d1ddb98789862d6a84b47dd0e0cb6fbcf58f13a0adb10b2799ef023ff00e23081d0b4fd33e777211026a5327302052f3ddd091e0b96
SSDEEP:	768:12G214DFyosXqgvV9o1ndB08F+JgGlzDpbuR1J9:12GdDgosaaO1ndmVJuv
Preview:	.ELF......................Q....4.........4. ...(......................e...e..................E...E......................UPX!.h.........T...T.......T.......?.E.h4...@b..) ..]....E...GS.U....e5.T3z".J{..m...\|0.L.!Q.....j...]......Yt.//..@...,..N............

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

/proc/4602/oom_score_adj

ASCII text

dropped

Details

File:	/proc/4602/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.16.dr
ID:	dr_0
Target ID:	16
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/proc/4722/oom_score_adj

ASCII text

dropped

Details

File:	/proc/4722/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.32.dr
ID:	dr_3
Target ID:	32
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/proc/4818/oom_score_adj

ASCII text

dropped

Details

File:	/proc/4818/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.46.dr
ID:	dr_6
Target ID:	46
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.46.dr
ID:	dr_7
Target ID:	46
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:Iv:Iv
Size:	5
Whitelisted:	false
Reputation:	moderate

/var/cache/snapd/sections.M3RYNM10pCQM

ASCII text

dropped

Details

File:	/var/cache/snapd/sections.M3RYNM10pCQM
Category:	dropped
Dump:	sections.M3RYNM10pCQM.44.dr
ID:	dr_5
Target ID:	44
Process:	/usr/lib/snapd/snapd
Type:	ASCII text
Entropy:	4.149772078213831
Encrypted:	false
Ssdeep:	6:+JwAuG+uP2J5I9W6IzvS5/GAEwKnK/JBMlvuNjpeWPnXMISz:J02Jt6W8ce+Oj8WX6
Size:	257
Whitelisted:	false
Reputation:	moderate

/var/cache/snapd/sections.nCHfbhTWJ818

ASCII text

dropped

Details

File:	/var/cache/snapd/sections.nCHfbhTWJ818
Category:	dropped
Dump:	sections.nCHfbhTWJ818.28.dr
ID:	dr_2
Target ID:	28
Process:	/usr/lib/snapd/snapd
Type:	ASCII text
Entropy:	4.149772078213831
Encrypted:	false
Ssdeep:	6:+JwAuG+uP2J5I9W6IzvS5/GAEwKnK/JBMlvuNjpeWPnXMISz:J02Jt6W8ce+Oj8WX6
Size:	257
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/ovLjmo5UoE

/usr/bin/qemu-mips /tmp/ovLjmo5UoE

/tmp/ovLjmo5UoE

n/a

/tmp/ovLjmo5UoE

n/a

/tmp/ovLjmo5UoE

n/a

/tmp/ovLjmo5UoE

n/a

/tmp/ovLjmo5UoE

n/a

/tmp/ovLjmo5UoE

n/a

/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/lib/systemd/systemd

n/a

/usr/sbin/NetworkManager

/usr/sbin/NetworkManager --no-daemon

/lib/systemd/systemd

n/a

/usr/bin/nm-online

/usr/bin/nm-online -s -q --timeout=30

/lib/systemd/systemd

n/a

/usr/lib/NetworkManager/nm-dispatcher

n/a

/etc/NetworkManager/dispatcher.d/01ifupdown

/bin/sh -e /etc/NetworkManager/dispatcher.d/01ifupdown none hostname

/lib/systemd/systemd

n/a

/lib/systemd/systemd-hostnamed

/lib/systemd/systemd

n/a

/usr/lib/snapd/snapd

/lib/systemd/systemd

n/a

/sbin/iscsiadm

/sbin/iscsiadm -k 0 2

/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/lib/systemd/systemd

n/a

/lib/systemd/systemd-hostnamed

/lib/systemd/systemd

n/a

/usr/lib/snapd/snapd

/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 21 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	8
From Memory:	true
Current Path:	/tmp/ovLjmo5UoE
Source:	ovLjmo5UoE
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

188.194.255.126

unknown

Germany

212.243.120.245

unknown

Switzerland

107.80.78.92

unknown

United States

141.183.198.210

unknown

United States

223.183.33.196

unknown

India

62.202.137.250

unknown

Switzerland

48.202.252.22

unknown

United States

57.75.159.0

unknown

Belgium

87.12.93.142

unknown

Italy

17.251.231.224

unknown

United States

246.229.188.194

unknown

Reserved

169.143.167.214

unknown

United States

58.200.126.102

unknown

China

112.62.71.0

unknown

China

212.192.40.64

unknown

Russian Federation

71.101.175.126

unknown

United States

102.101.70.174

unknown

Morocco

85.34.217.17

unknown

Italy

84.4.51.252

unknown

France

151.250.59.213

unknown

Turkey

39.27.35.122

unknown

Korea Republic of

66.249.208.7

unknown

United States

189.149.208.100

unknown

Mexico

148.88.191.96

unknown

United Kingdom

75.254.245.174

unknown

United States

126.71.54.80

unknown

Japan

63.82.137.206

unknown

United States

13.183.171.172

unknown

United States

63.34.62.30

unknown

United States

16.128.90.54

unknown

United States

164.68.58.122

unknown

United States

14.9.218.72

unknown

Japan

19.31.71.136

unknown

United States

154.232.39.223

unknown

Cote D'ivoire

121.240.24.72

unknown

India

125.230.178.235

unknown

Taiwan; Republic of China (ROC)

126.97.253.94

unknown

Japan

43.80.136.150

unknown

Japan

148.82.30.56

unknown

Norway

32.219.167.7

unknown

United States

203.69.188.213

unknown

Taiwan; Republic of China (ROC)

182.12.230.65

unknown

Indonesia

178.166.54.39

unknown

Portugal

123.43.115.37

unknown

Korea Republic of

139.3.152.138

unknown

Germany

197.136.200.27

unknown

Kenya

90.199.44.81

unknown

United Kingdom

72.97.169.72

unknown

United States

163.34.66.70

unknown

Norway

39.250.54.83

unknown

Indonesia

120.159.142.193

unknown

Australia

98.64.51.118

unknown

United States

17.225.120.248

unknown

United States

136.134.215.169

unknown

United States

252.178.25.110

unknown

Reserved

27.55.158.39

unknown

Thailand

88.188.222.189

unknown

France

54.61.128.52

unknown

United States

141.179.46.50

unknown

Saudi Arabia

180.93.201.254

unknown

Viet Nam

196.163.215.25

unknown

South Africa

253.163.201.180

unknown

Reserved

12.99.29.172

unknown

United States

150.203.102.36

unknown

Australia

192.184.168.97

unknown

United States

158.221.30.171

unknown

United States

207.139.218.205

unknown

United States

121.106.141.196

unknown

Japan

123.211.244.90

unknown

Australia

241.191.141.51

unknown

Reserved

117.27.93.243

unknown

China

242.69.219.211

unknown

Reserved

154.128.36.72

unknown

Egypt

135.162.207.106

unknown

United States

133.164.200.47

unknown

Japan

194.192.157.80

unknown

Denmark

34.39.115.118

unknown

United States

14.201.38.78

unknown

Australia

97.58.156.221

unknown

United States

133.18.186.30

unknown

Japan

72.249.127.250

unknown

United States

83.106.154.9

unknown

United Kingdom

173.254.89.32

unknown

United States

216.167.124.0

unknown

United States

165.188.193.247

unknown

United States

34.11.95.205

unknown

United States

197.44.77.126

unknown

Egypt

208.251.30.111

unknown

United States

101.122.220.109

unknown

China

218.62.23.71

unknown

China

220.188.110.53

unknown

China

182.224.230.163

unknown

Korea Republic of

16.156.54.149

unknown

United States

63.237.52.235

unknown

United States

83.142.228.128

unknown

United Kingdom

252.23.58.9

unknown

Reserved

45.161.168.68

unknown

Argentina

71.232.108.2

unknown

United States

126.92.157.231

unknown

Japan

250.53.43.75

unknown

Reserved

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

IPs