Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

mirkatclpb.arm

ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy:	7.929079875154064
Filename:	mirkatclpb.arm
Filesize:	25004
MD5:	f11d4deb3dc156310b53b21e22c5663a
SHA1:	f785ac4c47b99459a8ce236aa76df115af76dd7f
SHA256:	64e0601e1a0a1bb7f8f170ea14efa55b1f17aaefad94edf0b96cfdbebeb689e8
SHA512:	158581447fc598aa5139b8d93c96b09b82b0b442f6704a4a2fbbe816e8df57e10471899ac9f38d3d34e23d637723d1462e44857db1208b9c57bc507564db18d6
SSDEEP:	768:QX9nxn8o9wnBoWzEQf2EjKb3pWz9s3Uoz2:Qtn+o9wjfBAZWcz2
Preview:	.ELF...a..........(.........4...........4. ...(......................`...`...............^..........................Q.td..............................CvUPX!........0...0.......R..........?.E.h;.}...^..........f.Z.6..(fw....&.x:.E.......oe.`.S..T.......n..

Signature Hits	Behavior Group	Mitre Attack
Sample tries to kill many processes (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

/proc/5262/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5262/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/proc/5357/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5357/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.26.dr
ID:	dr_2
Target ID:	26
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/proc/5359/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5359/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.30.dr
ID:	dr_4
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	moderate

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.30.dr
ID:	dr_5
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:DQe:t
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/mirkatclpb.arm

n/a

/tmp/mirkatclpb.arm

n/a

/tmp/mirkatclpb.arm

n/a

/tmp/mirkatclpb.arm

n/a

/tmp/mirkatclpb.arm

n/a

/tmp/mirkatclpb.arm

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 9 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	10
From Memory:	true
Current Path:	/tmp/mirkatclpb.arm
Source:	mirkatclpb.arm
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

213.31.71.244

unknown

Belgium

166.29.74.82

unknown

United States

14.143.23.189

unknown

India

200.152.162.49

unknown

Brazil

206.67.127.12

unknown

United States

158.34.190.147

unknown

United States

247.118.145.156

unknown

Reserved

23.179.6.168

unknown

Reserved

202.236.115.3

unknown

Japan

245.114.66.174

unknown

Reserved

87.81.175.34

unknown

United Kingdom

188.97.180.64

unknown

Germany

159.173.54.239

unknown

France

188.248.166.141

unknown

Saudi Arabia

253.254.231.181

unknown

Reserved

102.241.34.87

unknown

Tunisia

57.67.217.115

unknown

Belgium

197.131.99.208

unknown

Morocco

14.139.237.177

unknown

India

173.70.19.51

unknown

United States

102.114.79.239

unknown

Mauritius

139.196.56.182

unknown

China

73.207.81.45

unknown

United States

194.128.173.25

unknown

United Kingdom

242.249.209.192

unknown

Reserved

87.51.208.65

unknown

Denmark

63.148.159.88

unknown

United States

2.103.215.131

unknown

United Kingdom

108.243.173.4

unknown

United States

207.90.126.129

unknown

United States

193.245.131.64

unknown

Belgium

242.63.95.89

unknown

Reserved

195.229.184.171

unknown

United Arab Emirates

180.170.25.215

unknown

China

174.64.2.29

unknown

United States

86.52.29.10

unknown

Denmark

254.91.231.74

unknown

Reserved

246.141.80.184

unknown

Reserved

36.90.232.64

unknown

Indonesia

135.205.221.76

unknown

United States

250.51.173.213

unknown

Reserved

84.116.116.140

unknown

Netherlands

69.90.190.99

unknown

Canada

157.72.178.5

unknown

Japan

110.125.97.65

unknown

China

20.21.196.35

unknown

United States

125.73.254.169

unknown

China

1.99.146.64

unknown

Korea Republic of

206.9.187.110

unknown

United States

65.201.108.229

unknown

United States

179.48.209.102

unknown

59.166.150.107

unknown

Japan

120.161.3.29

unknown

Indonesia

170.73.197.190

unknown

United States

23.42.205.247

unknown

United States

17.103.205.219

unknown

United States

66.147.85.178

unknown

United States

102.74.168.118

unknown

Morocco

149.210.199.62

unknown

Netherlands

221.248.80.1

unknown

Japan

60.16.183.22

unknown

China

107.134.158.250

unknown

United States

202.200.196.12

unknown

China

184.5.225.222

unknown

United States

151.246.218.21

unknown

Iran (ISLAMIC Republic Of)

117.219.36.68

unknown

India

220.138.36.103

unknown

Taiwan; Republic of China (ROC)

16.225.121.0

unknown

United States

66.12.192.156

unknown

United States

106.90.12.33

unknown

China

216.46.212.245

unknown

United States

146.123.208.124

unknown

United States

250.53.18.17

unknown

Reserved

159.201.91.21

unknown

United States

165.133.204.80

unknown

Korea Republic of

31.61.177.115

unknown

Poland

204.233.222.220

unknown

United States

47.90.213.32

unknown

United States

12.50.93.239

unknown

United States

140.220.168.137

unknown

United States

221.87.174.160

unknown

Japan

217.202.195.230

unknown

Italy

173.80.22.227

unknown

United States

1.146.71.43

unknown

Australia

217.95.63.172

unknown

Germany

114.253.135.30

unknown

China

243.220.176.106

unknown

Reserved

38.49.227.144

unknown

United States

254.89.164.115

unknown

Reserved

175.248.208.227

unknown

Korea Republic of

95.27.203.251

unknown

Russian Federation

61.32.110.154

unknown

Korea Republic of

87.4.93.209

unknown

Italy

158.214.59.15

unknown

Japan

192.248.174.124

unknown

France

9.35.128.167

unknown

United States

143.236.35.245

unknown

United States

252.4.195.138

unknown

Reserved

173.197.253.115

unknown

United States

216.224.227.28

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs