Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

fuckjewishpeople.mpsl

ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy:	5.468332508269017
Filename:	fuckjewishpeople.mpsl
Filesize:	116647
MD5:	4a116051dca24c00b70538976f3369ec
SHA1:	c56295bdd3477c87858093bfdaba25877292cf2c
SHA256:	9d82ead689856c499c096c17c7c6bc0096328a183724d4afdb1b15f51fbca681
SHA512:	26af9cb3bdc6be2ab4026afd9c674582b8d7b8c0e6431b6930294a5b4b10d8e31831f3b1b40e71344918ce2c0149c37db749edd282fe80b46f522093efb027b5
SSDEEP:	1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNOp5hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgl5hVwjKdwwjF9GhsR1Ae
Preview:	.ELF......................@.4....\|......4. ...(........p......@...@...........................@...@.(J..(J..............(J..(JE.(JE.8....q..........Q.td................................................ .E....<T..'!......'.......................<0..'!... ..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Opens /proc/net/* files useful for finding connected devices and routers	Spreading	Remote System Discovery
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

/var/cache/motd-news

ASCII text

dropped

Details

File:	/var/cache/motd-news
Category:	dropped
Dump:	motd-news.27.dr
ID:	dr_0
Target ID:	27
Process:	/usr/bin/cut
Type:	ASCII text
Entropy:	4.515771857099866
Encrypted:	false
Ssdeep:	3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
Size:	191
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/fuckjewishpeople.mpsl

n/a

/tmp/fuckjewishpeople.mpsl

n/a

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.40ubCHwJAq

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.40ubCHwJAq

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/rm

rm -f /tmp/tmp.40ubCHwJAq /tmp/tmp.bCRgpfFGIz /tmp/tmp.Q77njIbz4T

There are 11 hidden processes, click here to show them.

URLs

Name

Malicious

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

https://ubuntu.com/blog/microk8s-memory-optimisation

unknown

IPs

Domain

Country

Malicious

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

78.47.230.250

unknown

Germany

Details

IP:	78.47.230.250
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs