Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/5Yj6rO0YeI.elf

URLs

Name

Malicious

http://schemas.xmlsoap.org/soap/encoding/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/encoding/
TargetID:	12
From Memory:	true
Current Path:	/tmp/5Yj6rO0YeI.elf
Source:	5Yj6rO0YeI.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/envelope/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/envelope/
TargetID:	12
From Memory:	true
Current Path:	/tmp/5Yj6rO0YeI.elf
Source:	5Yj6rO0YeI.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5e84028000

page execute read

7f5e84028000

page execute read

7f5f8b02e000

page read and write

7f5f8b39f000

page read and write

7f5f84021000

page read and write

7f5f8b1bd000

page read and write

5584552a2000

page read and write

5584572b7000

page read and write

7f5f8b6cd000

page read and write

7f5f8b712000

page read and write

7f5f8b580000

page read and write

5584572a0000

page execute and read and write

7f5e84033000

page read and write

7f5f8b580000

page read and write

7f5f8b39f000

page read and write

5584572a0000

page execute and read and write

5584552a2000

page read and write

7f5f8aa61000

page read and write

7f5f8a1c7000

page read and write

7f5f8b1bd000

page read and write

7f5f8b02e000

page read and write

7f5f8b712000

page read and write

7f5e84030000

page read and write

7f5f8b6a9000

page read and write

7f5f8b051000

page read and write

7f5f8b051000

page read and write

7f5f8adc3000

page read and write

7f5e84030000

page read and write

7ffcb5bce000

page execute read

7f5f8adc3000

page read and write

7f5f8aa61000

page read and write

7f5f8a9cf000

page read and write

7f5f84021000

page read and write

7f5f8a1c7000

page read and write

7f5f83fff000

page read and write

558455299000

page read and write

558455048000

page execute read

7f5f8b6cd000

page read and write

7f5f83fff000

page read and write

7f5f8b6a9000

page read and write

7ffcb5a2d000

page read and write

558455048000

page execute read

7ffcb5a2d000

page read and write

558455299000

page read and write

7f5f8a9cf000

page read and write

7ffcb5bce000

page execute read

7f5e84033000

page read and write

558457783000

page read and write

5584572b7000

page read and write

558457783000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5Yj6rO0YeI.elf

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5Yj6rO0YeI.elf

Processes

URLs

Domains

Memdumps

IOC Report
5Yj6rO0YeI.elf