IOC Report
Okami.mips.elf

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Okami.mips.elf | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped | initial sample | malicious |
| /run/systemd/resolve/stub-resolv.conf | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/Okami.mips.elf | /tmp/Okami.mips.elf | |
| /tmp/Okami.mips.elf | - | |
| /tmp/Okami.mips.elf | - | |
| /tmp/Okami.mips.elf | - | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.billybobbot.com/crawler/) | unknown | malicious |
| http://www.baidu.com/search/spider.html) | unknown | |
| http://fast.no/support/crawler.asp) | unknown | |
| http://feedback.redkolibri.com/ | unknown | |
| http://www.baidu.com/search/spider.htm) | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| daisy.ubuntu.com | 162.213.35.24 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 93.123.85.246 | unknown | Bulgaria | |

Memdumps

Base Address
Regiontype
Protect
Malicious