Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

X09rGb7LRv

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy:	5.324905604616624
Filename:	X09rGb7LRv
Filesize:	123181
MD5:	e7b5d18dc785ad3ad2a28b6cef242b8a
SHA1:	94609e1ff80135362e4a32a7e4fe4d86bdf66faf
SHA256:	86c3af8076c785a4f7d48df1e3beb3366830c373f6571287865293c19f06d4d4
SHA512:	f919a369786ff190bd9e06d3a507ea5d4405860601a190b06c801eac2b08b53264b3bb3181616a41abc12b42ef9809580ae111baee42c9950a71a9fd7a96ed6e
SSDEEP:	3072:A3ilxqPJKN/Xb5hhOxCKWPRx9Fq51uUOypn:DiROvb5hs0KWPRx9Fq51uUOypn
Preview:	.ELF.....................@.....4.........4. ...(....p........@...@...........................@...@....X...X...............`..E`..E`.......m.........dt.Q.................................................E..<...'......!'.......................<...'......!...

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
URLs found in memory or binary data	Networking

/run/systemd/resolve/stub-resolv.conf

ASCII text

dropped

Details

File:	/run/systemd/resolve/stub-resolv.conf
Category:	dropped
Dump:	stub-resolv.conf.13.dr
ID:	dr_0
Target ID:	13
Process:	/tmp/X09rGb7LRv
Type:	ASCII text
Entropy:	3.3918926446809334
Encrypted:	false
Ssdeep:	3:KkZRAkd:KaAu
Size:	38
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/X09rGb7LRv

Details

PID:	5284
Target ID:	10
Parent PID:	5107
Name:	X09rGb7LRv
Path:	/tmp/X09rGb7LRv
Commandline:	/tmp/X09rGb7LRv
Size:	5777432
MD5:	0083f1f0e77be34ad27f849842bbb00c
Time:	00:07:23
Date:	14/01/2022

/tmp/X09rGb7LRv

n/a

Details

PID:	5286
Target ID:	11
Parent PID:	5284
Name:	X09rGb7LRv
Path:	/tmp/X09rGb7LRv
Commandline:	n/a
Size:	5777432
MD5:	0083f1f0e77be34ad27f849842bbb00c
Time:	00:07:23
Date:	14/01/2022

/tmp/X09rGb7LRv

n/a

Details

PID:	5288
Target ID:	12
Parent PID:	5286
Name:	X09rGb7LRv
Path:	/tmp/X09rGb7LRv
Commandline:	n/a
Size:	5777432
MD5:	0083f1f0e77be34ad27f849842bbb00c
Time:	00:07:23
Date:	14/01/2022

/tmp/X09rGb7LRv

n/a

Details

PID:	5290
Target ID:	13
Parent PID:	5288
Name:	X09rGb7LRv
Path:	/tmp/X09rGb7LRv
Commandline:	n/a
Size:	5777432
MD5:	0083f1f0e77be34ad27f849842bbb00c
Time:	00:07:23
Date:	14/01/2022

/usr/bin/dash

n/a

Details

PID:	5307
Target ID:	14
Parent PID:	4331
Name:	dash
Path:	/usr/bin/dash
Commandline:	n/a
Size:	129816
MD5:	1e6b1c887c59a315edb7eb9a315fc84c
Time:	00:07:48
Date:	14/01/2022

/usr/bin/rm

rm -f /tmp/tmp.vbst9zaJm7 /tmp/tmp.9Lxc4N6K9O /tmp/tmp.gWHunRvXw5

Details

PID:	5307
Target ID:	15
Parent PID:	4331
Name:	rm
Path:	/usr/bin/rm
Commandline:	rm -f /tmp/tmp.vbst9zaJm7 /tmp/tmp.9Lxc4N6K9O /tmp/tmp.gWHunRvXw5
Size:	72056
MD5:	aa2b5496fdbfd88e38791ab81f90b95b
Time:	00:07:48
Date:	14/01/2022

URLs

Name

Malicious

http://www.baidu.com/search/spider.html)

unknown

Details

Name:	http://www.baidu.com/search/spider.html)
TargetID:	10
From Memory:	true
Current Path:	/tmp/X09rGb7LRv
Source:	X09rGb7LRv
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.billybobbot.com/crawler/)

unknown

Details

Name:	http://www.billybobbot.com/crawler/)
TargetID:	10
From Memory:	true
Current Path:	/tmp/X09rGb7LRv
Source:	X09rGb7LRv

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://fast.no/support/crawler.asp)

unknown

Details

Name:	http://fast.no/support/crawler.asp)
TargetID:	10
From Memory:	true
Current Path:	/tmp/X09rGb7LRv
Source:	X09rGb7LRv

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://feedback.redkolibri.com/

unknown

Details

Name:	http://feedback.redkolibri.com/
TargetID:	10
From Memory:	true
Current Path:	/tmp/X09rGb7LRv
Source:	X09rGb7LRv

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.baidu.com/search/spider.htm)

unknown

Details

Name:	http://www.baidu.com/search/spider.htm)
TargetID:	10
From Memory:	true
Current Path:	/tmp/X09rGb7LRv
Source:	X09rGb7LRv
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

191.96.165.103

unknown

Chile

Details

IP:	191.96.165.103
TargetID:	-1
Country:	Chile
Countrycode:	CHL
ASN number:	61317
ASN name:	ASDETUKhttpwwwheficedcomGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs