Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Z8xEavXrld

n/a

/tmp/Z8xEavXrld

n/a

/tmp/Z8xEavXrld

n/a

/bin/sh

sh -c "mkdir /rx05a34hf0/ && >/rx05a34hf0/rx05a34hf0 && cd /rx05a34hf0/ >/dev/null"

/bin/sh

n/a

/usr/bin/mkdir

mkdir /rx05a34hf0/

/tmp/Z8xEavXrld

n/a

/bin/sh

sh -c "mv /tmp/Z8xEavXrld /rx05a34hf0/rx05a34hf0 && chmod 777 /rx05a34hf0/rx05a34hf0 >/dev/null"

/bin/sh

n/a

/usr/bin/mv

mv /tmp/Z8xEavXrld /rx05a34hf0/rx05a34hf0

/bin/sh

n/a

/usr/bin/chmod

chmod 777 /rx05a34hf0/rx05a34hf0

/tmp/Z8xEavXrld

n/a

/tmp/Z8xEavXrld

n/a

/tmp/Z8xEavXrld

n/a

/tmp/Z8xEavXrld

n/a

There are 7 hidden processes, click here to show them.

URLs

Name

Malicious

http://%d.%d.%d.%d:%d/snickers/%s

unknown

Details

Name:	http://%d.%d.%d.%d:%d/snickers/%s
TargetID:	10
From Memory:	true
Current Path:	/tmp/Z8xEavXrld
Source:	Z8xEavXrld
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Z8xEavXrld

Processes

URLs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportZ8xEavXrld

Processes

URLs

IOC Report
Z8xEavXrld