Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

61KiF94nKN

ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy:	6.009298823803464
Filename:	61KiF94nKN
Filesize:	66380
MD5:	06d58f655cb40ee644bd74e19483ba8b
SHA1:	84a92f7b7855ef9f1ec12e10ef38b3bc7045d903
SHA256:	e0f8643b2d10593678b16fdaab7bc4a070cdbe4a8a617b0a37bda328f4002235
SHA512:	c1f7006c3f4a845df1b582b2fb6fcdfe83a033b8dd7cb9c7cde7afbcbce3ac57a467feda72f1c77d44843f05ca725ce50d6db93edf61f7680d247ca3258a4bc4
SSDEEP:	1536:0dn1Jb3SdNySlmbWfuPA+CbsyGjoycpbY+WJ:suv1sbWfu4Tsffcp0+WJ
Preview:	.ELF...........................4.........4. ...(....................... ... ...........................\|............dt.Q................................@..(....@.<.................#.....a...`.....!..... ...@.....".........`......$ ... ...@...........`....

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/proc/5264/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5264/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:Ct:Ct
Size:	5
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/tmp/61KiF94nKN

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 18 hidden processes, click here to show them.

Domains

Name

Malicious

xia.ddcch4ckserver.top

107.189.5.196

Details

Name:	xia.ddcch4ckserver.top
IP:	107.189.5.196
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

246.249.140.98

unknown

Reserved

170.45.110.90

unknown

United States

47.252.160.8

unknown

United States

60.98.164.176

unknown

Japan

243.254.229.225

unknown

Reserved

5.218.173.229

unknown

Iran (ISLAMIC Republic Of)

185.65.70.223

unknown

Turkey

168.71.172.254

unknown

United States

163.112.118.125

unknown

France

68.151.112.93

unknown

Canada

133.89.64.217

unknown

Japan

244.197.160.238

unknown

Reserved

211.188.243.31

unknown

Korea Republic of

80.124.79.187

unknown

France

73.10.41.195

unknown

United States

9.246.160.133

unknown

United States

193.1.217.2

unknown

Ireland

89.82.198.141

unknown

France

191.82.108.49

unknown

Argentina

221.171.214.240

unknown

Japan

83.173.196.243

unknown

Switzerland

157.213.248.246

unknown

United States

81.132.68.181

unknown

United Kingdom

23.224.58.144

unknown

United States

68.131.63.99

unknown

United States

185.167.210.138

unknown

Czech Republic

74.112.219.16

unknown

United States

158.220.98.141

unknown

Switzerland

90.216.180.27

unknown

United Kingdom

38.89.204.151

unknown

United States

254.94.23.229

unknown

Reserved

62.200.46.62

unknown

European Union

59.51.33.190

unknown

China

143.28.20.34

unknown

United States

241.155.183.174

unknown

Reserved

45.234.130.236

unknown

Brazil

165.193.73.81

unknown

United States

48.185.159.34

unknown

United States

135.93.177.171

unknown

United States

41.228.193.93

unknown

Tunisia

142.5.110.19

unknown

Canada

163.61.118.81

unknown

62.191.178.99

unknown

United Kingdom

125.175.21.204

unknown

Japan

120.113.153.90

unknown

Taiwan; Republic of China (ROC)

171.113.147.123

unknown

China

135.46.199.217

unknown

United States

166.149.86.237

unknown

United States

8.138.12.41

unknown

Singapore

243.192.141.18

unknown

Reserved

192.237.118.230

unknown

United States

189.227.127.163

unknown

Mexico

138.238.166.203

unknown

United States

2.134.183.227

unknown

Kazakhstan

161.2.40.141

unknown

United Kingdom

173.154.95.216

unknown

United States

173.118.241.83

unknown

United States

115.234.54.210

unknown

China

222.124.195.220

unknown

Indonesia

105.16.125.186

unknown

Mauritius

255.1.14.8

unknown

Reserved

147.59.82.120

unknown

United States

160.176.253.216

unknown

Morocco

141.228.157.156

unknown

United Kingdom

109.146.97.99

unknown

United Kingdom

77.229.193.246

unknown

Spain

205.213.14.73

unknown

United States

85.33.215.213

unknown

Italy

84.116.116.153

unknown

Netherlands

161.252.120.236

unknown

Kuwait

123.179.22.94

unknown

China

194.215.184.123

unknown

Finland

146.24.187.201

unknown

United States

44.79.138.141

unknown

United States

99.190.186.31

unknown

United States

119.47.10.35

unknown

Japan

145.25.161.151

unknown

Netherlands

177.185.203.216

unknown

Brazil

110.62.148.219

unknown

China

213.198.183.239

unknown

Italy

97.82.62.213

unknown

United States

14.45.175.64

unknown

Korea Republic of

95.194.248.76

unknown

Sweden

209.198.18.216

unknown

United States

85.40.82.1

unknown

Italy

70.37.55.85

unknown

United States

98.155.194.88

unknown

United States

18.125.179.241

unknown

United States

148.43.100.233

unknown

United States

19.44.33.247

unknown

United States

219.181.80.241

unknown

Japan

89.207.8.195

unknown

Switzerland

35.198.202.160

unknown

United States

43.133.6.103

unknown

Japan

53.71.21.3

unknown

Germany

113.19.180.129

unknown

India

194.12.240.1

unknown

Bulgaria

253.82.17.118

unknown

Reserved

218.124.198.24

unknown

Japan

92.98.39.146

unknown

United Arab Emirates

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

Domains

IPs