Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

52lN2HSY7O

ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy:	6.214678185526423
Filename:	52lN2HSY7O
Filesize:	53052
MD5:	e0db3c63694e83c4ea4187a6fd40c9d2
SHA1:	d04a564f43e9ed664478443199b196d6cb191580
SHA256:	da6d168edfc190ef5f7a8ae9ad40de97ea559989c3f7421af1c9a0909522dbf4
SHA512:	540dd1a5feed9777760399c626a0ce4dfcee4bf3d39c5631765a7b949fa2084495cb458ee31efe017a16171409049159d841abb5175df66ecbad22f53dcb7fbb
SSDEEP:	768:8CeKEfhe5XdrbejRIcfFMQ/5MdgFHj0iPuvWeffpqmUJTXr6Lu380D3:dsfIBZe5tJrFj0imvppqmUJP6Lc82
Preview:	.ELF.......................D...4.........4. ...(.................................. ....................p.......... .dt.Q............................NV..a....da.....N^NuNV..J9...lf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........lN^NuNV..N^NuN

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/var/cache/motd-news

ASCII text

dropped

Details

File:	/var/cache/motd-news
Category:	dropped
Dump:	motd-news.18.dr
ID:	dr_0
Target ID:	18
Process:	/usr/bin/cut
Type:	ASCII text
Entropy:	4.515771857099866
Encrypted:	false
Ssdeep:	3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
Size:	191
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.JmXH35JStJ

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.JmXH35JStJ

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/rm

rm -f /tmp/tmp.JmXH35JStJ /tmp/tmp.AdZnWFxIG7 /tmp/tmp.Bef8J1nfzZ

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

/tmp/52lN2HSY7O

n/a

There are 24 hidden processes, click here to show them.

URLs

Name

Malicious

https://ubuntu.com/blog/microk8s-memory-optimisation

unknown

Details

Name:	https://ubuntu.com/blog/microk8s-memory-optimisation
TargetID:	18
From Memory:	true
Current Path:	/usr/bin/cut
Source:	motd-news.18.dr
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

199.110.235.164

unknown

United States

113.121.141.255

unknown

China

177.11.31.210

unknown

Brazil

27.110.107.33

unknown

Japan

80.24.212.170

unknown

Spain

186.83.234.200

unknown

Colombia

207.56.160.227

unknown

United States

222.171.173.133

unknown

China

206.184.241.50

unknown

United States

207.116.49.21

unknown

United States

81.255.86.163

unknown

France

101.128.206.180

unknown

Japan

58.6.149.98

unknown

Australia

60.64.115.12

unknown

Japan

72.191.168.77

unknown

United States

134.2.145.161

unknown

Germany

88.190.10.46

unknown

France

189.230.128.7

unknown

Mexico

240.234.53.120

unknown

Reserved

200.228.138.0

unknown

Brazil

245.90.212.44

unknown

Reserved

18.188.26.118

unknown

United States

121.55.215.27

unknown

Guam

175.240.25.72

unknown

Korea Republic of

247.205.244.162

unknown

Reserved

164.42.74.234

unknown

Puerto Rico

53.228.90.236

unknown

Germany

96.25.164.173

unknown

United States

99.10.28.76

unknown

United States

116.40.43.10

unknown

Korea Republic of

159.52.118.79

unknown

Australia

201.233.213.54

unknown

Colombia

169.243.206.141

unknown

United States

109.44.45.243

unknown

Germany

240.203.171.95

unknown

Reserved

150.253.133.66

unknown

United States

253.47.120.163

unknown

Reserved

110.220.30.89

unknown

China

43.8.221.27

unknown

Japan

203.120.137.187

unknown

Singapore

218.181.74.60

unknown

Japan

53.169.5.228

unknown

Germany

75.125.11.254

unknown

United States

101.215.253.239

unknown

India

156.7.48.65

unknown

United States

117.178.243.226

unknown

China

161.78.252.141

unknown

Switzerland

240.160.53.154

unknown

Reserved

108.28.236.159

unknown

United States

195.249.101.245

unknown

Denmark

148.56.211.54

unknown

Spain

159.106.135.52

unknown

United States

80.97.224.172

unknown

Romania

211.21.103.87

unknown

Taiwan; Republic of China (ROC)

183.219.249.8

unknown

China

197.31.187.186

unknown

Tunisia

156.146.203.249

unknown

United States

220.216.169.230

unknown

Japan

198.196.224.109

unknown

United States

153.239.66.159

unknown

Japan

220.216.56.40

unknown

Japan

124.225.208.91

unknown

China

105.143.72.239

unknown

Morocco

177.203.133.248

unknown

Brazil

192.233.100.166

unknown

United States

112.249.78.53

unknown

China

220.0.129.208

unknown

Japan

141.156.237.63

unknown

United States

110.141.121.185

unknown

Australia

83.138.58.49

unknown

31.114.146.114

unknown

United Kingdom

17.234.124.225

unknown

United States

146.136.220.194

unknown

Switzerland

247.168.152.143

unknown

Reserved

87.198.117.230

unknown

Ireland

169.31.128.125

unknown

United States

210.112.251.134

unknown

Korea Republic of

58.114.227.42

unknown

Taiwan; Republic of China (ROC)

123.47.209.227

unknown

Korea Republic of

243.219.250.131

unknown

Reserved

195.136.103.120

unknown

Poland

40.192.134.233

unknown

United States

254.52.94.164

unknown

Reserved

164.65.13.51

unknown

United States

212.9.249.185

unknown

Ukraine

186.170.17.43

unknown

Colombia

133.27.156.188

unknown

Japan

155.232.197.139

unknown

South Africa

109.4.187.52

unknown

France

99.189.112.218

unknown

United States

184.6.30.97

unknown

United States

186.37.158.45

unknown

Chile

109.1.194.240

unknown

France

87.179.231.26

unknown

Germany

151.75.212.221

unknown

Italy

218.31.166.125

unknown

China

191.133.1.249

unknown

Brazil

186.235.64.46

unknown

Brazil

158.197.0.29

unknown

Slovakia (SLOVAK Republic)

154.145.140.146

unknown

Morocco

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs