IOC Report
Okami.sparc.elf

Files

File Path | Type | Category | Malicious
Okami.sparc.elf | ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | malicious
/run/systemd/resolve/stub-resolv.conf | ASCII text | dropped |

Processes

Path | Cmdline | Malicious
/tmp/Okami.sparc.elf | /tmp/Okami.sparc.elf |
/tmp/Okami.sparc.elf | - |
/tmp/Okami.sparc.elf | - |
/tmp/Okami.sparc.elf | - |

URLs

Name | IP | Malicious
http://www.billybobbot.com/crawler/) | unknown | malicious
http://www.baidu.com/search/spider.html) | unknown |
http://fast.no/support/crawler.asp) | unknown |
http://feedback.redkolibri.com/ | unknown |
http://www.baidu.com/search/spider.htm) | unknown |

IPs

IP | Domain | Country | Malicious
93.123.85.246 | unknown | Bulgaria | malicious
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |

Memdumps
