Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

robinbot

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped

initial sample

Details

Filetype:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
Entropy:	6.25564436844842
Filename:	robinbot
Filesize:	133298
MD5:	500009d8f68330a8f82b59884a9afe47
SHA1:	575f5e6894b1a2f7a728435487666acdb9758f83
SHA256:	a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
SHA512:	ec62621ec2e037cb9f3890486ff4fb127ee6b34657ee7c2b1e3401de5d7fa2bb554e62d5c378dd93c43a3bb0bf4d210556cf8e67c0ff8449d0c615262e94dfba
SSDEEP:	3072:xffIDJOocVBUbd8A2W3M/fvLUpANet2xBTd:xgDAtVmB8sM/fvLUpANet2xBTd
Preview:	.ELF..............>.......@.....@...................@.8...@.......................@.......@......}.......}................................Q.......Q.....h........5..............Q.td....................................................H...._....J...H........

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Sample deletes itself	Hooking and other Techniques for Hiding and Protection	File Deletion
Machine Learning detection for sample	AV Detection
Yara signature match	System Summary
Sample and/or dropped files contains symbols with suspicious names	System Summary	Masquerading
Sample listens on a socket	Networking
Sample and/or dropped files contains symbols with file path information	System Summary
URLs found in memory or binary data	Networking

/var/crash/_usr_share_apport_apport-checkreports.1000.crash

ASCII text

dropped

Details

File:	/var/crash/_usr_share_apport_apport-checkreports.1000.crash
Category:	dropped
Dump:	_usr_share_apport_apport-checkreports.1000.crash.17.dr
ID:	dr_0
Target ID:	17
Process:	/usr/share/apport/apport-checkreports
Type:	ASCII text
Entropy:	4.701159938603215
Encrypted:	false
Ssdeep:	192:FLzCpJfXz7bDknhn1tizSyu2WaxQEGUEPIyhbM:2Ah8UEGpI
Size:	14917
Whitelisted:	false
Reputation:	low

/var/crash/_usr_share_apport_apport-gtk.1000.crash

ASCII text

dropped

Details

File:	/var/crash/_usr_share_apport_apport-gtk.1000.crash
Category:	dropped
Dump:	_usr_share_apport_apport-gtk.1000.crash.23.dr
ID:	dr_1
Target ID:	23
Process:	/usr/share/apport/apport-gtk
Type:	ASCII text
Entropy:	4.52783605085601
Encrypted:	false
Ssdeep:	384:rJP5bFpeBAm/H/B/Z/JTFdMJ3iSdO2F1qWOcxxsEfXNJQv4eIz/N8CcZAE6S:A/H/B/Z/LdMJ4WOcxxs94eIz/N8CcZAG
Size:	47095
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/robinbot

n/a

/tmp/robinbot

n/a

/tmp/robinbot

n/a

/tmp/robinbot

n/a

/tmp/robinbot

n/a

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-checkreports

/usr/bin/python3 /usr/share/apport/apport-checkreports --system

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

There are 14 hidden processes, click here to show them.

URLs

Name

Malicious

http://89.203.251.188/mipsel

unknown

http://89.203.251.188/mips

unknown

http://89.203.251.188/bins.sh

unknown

http://89.203.251.188/bins.sh;sh

unknown

http://89.203.251.188/bins.sh;$

unknown

http://89.203.251.188/bins.sh;sh$

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://89.203.251.188/bins.sh;chmod

unknown

http://89.203.251.188/bin.sh;chmod

unknown

http://purenetworks.com/HNAP1/

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 1 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

201.35.61.151

unknown

Brazil

38.149.54.119

unknown

United States

109.170.137.181

unknown

United Kingdom

6.118.77.236

unknown

United States

147.58.96.125

unknown

United States

81.127.100.245

unknown

Italy

136.39.88.252

unknown

United States

126.164.244.69

unknown

Japan

61.67.139.220

unknown

Taiwan; Republic of China (ROC)

49.200.41.67

unknown

India

18.73.84.40

unknown

United States

81.164.55.227

unknown

Belgium

113.111.170.223

unknown

China

219.117.116.107

unknown

Japan

36.29.101.74

unknown

China

89.230.138.253

unknown

Poland

62.215.115.222

unknown

Kuwait

59.144.17.163

unknown

India

175.92.178.233

unknown

China

18.180.127.60

unknown

United States

115.4.227.195

unknown

Korea Republic of

219.101.185.233

unknown

Japan

208.55.17.111

unknown

United States

120.49.233.109

unknown

China

182.191.237.46

unknown

Pakistan

191.16.96.219

unknown

Brazil

223.25.130.150

unknown

Japan

114.178.65.194

unknown

Japan

190.146.127.103

unknown

Colombia

99.214.230.161

unknown

Canada

160.154.217.169

unknown

Cote D'ivoire

213.41.96.24

unknown

United Kingdom

167.180.120.161

unknown

United States

171.6.175.226

unknown

Thailand

195.69.176.12

unknown

Ukraine

187.192.10.153

unknown

Mexico

207.16.176.208

unknown

United States

1.130.155.22

unknown

Australia

96.158.69.6

unknown

United States

116.80.199.207

unknown

Japan

44.120.58.45

unknown

United States

57.101.184.167

unknown

Belgium

125.65.104.79

unknown

China

149.161.218.250

unknown

United States

38.136.33.70

unknown

United States

203.244.68.31

unknown

Korea Republic of

187.164.183.126

unknown

Mexico

64.10.38.215

unknown

United States

204.135.237.106

unknown

United States

220.148.44.31

unknown

Japan

49.59.1.175

unknown

Korea Republic of

173.3.155.16

unknown

United States

200.80.242.58

unknown

Argentina

47.205.45.6

unknown

United States

8.182.132.211

unknown

Singapore

156.124.138.111

unknown

United States

101.45.38.38

unknown

China

117.20.248.54

unknown

Korea Republic of

101.13.223.104

unknown

Taiwan; Republic of China (ROC)

65.62.218.42

unknown

United States

122.143.153.102

unknown

China

125.152.192.190

unknown

Korea Republic of

166.252.209.73

unknown

United States

22.253.251.152

unknown

United States

147.79.180.251

unknown

United States

187.176.30.239

unknown

Mexico

170.14.152.245

unknown

United States

58.147.153.172

unknown

Afghanistan

67.7.29.224

unknown

United States

78.252.226.253

unknown

France

184.190.166.224

unknown

United States

106.148.127.134

unknown

Japan

122.243.118.80

unknown

China

34.229.40.203

unknown

United States

199.87.129.117

unknown

United States

51.27.141.208

unknown

United States

199.33.243.208

unknown

United States

145.188.254.177

unknown

Netherlands

182.129.102.216

unknown

China

131.154.12.44

unknown

Italy

89.138.240.83

unknown

Israel

165.123.75.214

unknown

United States

168.189.121.198

unknown

United States

74.178.232.94

unknown

United States

28.6.132.123

unknown

United States

124.193.153.100

unknown

China

120.149.220.29

unknown

Australia

82.130.119.117

unknown

Switzerland

16.133.163.123

unknown

United States

208.71.205.168

unknown

United States

160.32.225.158

unknown

United States

130.34.115.97

unknown

Japan

104.229.125.170

unknown

United States

208.17.252.190

unknown

United States

142.225.10.214

unknown

Canada

9.30.31.111

unknown

United States

4.97.223.173

unknown

United States

112.226.138.78

unknown

China

154.228.227.62

unknown

Uganda

151.174.62.248

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
robinbot

Files

Processes

URLs

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportrobinbot

Files

Processes

URLs

IPs

IOC Report
robinbot