Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Okami.i586.elf

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
Entropy:	6.368790476165327
Filename:	Okami.i586.elf
Filesize:	82006
MD5:	6be88ffbf34d5100c31aff94119dcf02
SHA1:	630c86fd0cb45b46ef5747a88c862e0e301fe18d
SHA256:	e1a66ef550b10291622ae7fcd452795c1a5a9ff354deda19a529eb64af895aef
SHA512:	df77c6f1960c267d9240d348ff775d6c6b60410556881843f30775a272645ac3e21877888f0fed0aaabd5020d7b75f95f917e9054a87e0250aa4fe2d325fa056
SSDEEP:	1536:xNqbqkZ12Ue/Wz/P9ZhxUzi+8F0p32cBNY5hlQ6hICMIis3r0OzRPF+jHeN:xgbf12Ue/WDP9xUziB6pm95hlQiItIis
Preview:	.ELF....................d...4...........4. ...(..............................................`...`.......j..........Q.td............................U..S.......w....h....#...[]...$.............U......=.c...t..5....$`.....$`......u........t....h.W..........

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Yara signature match	System Summary
Sample and/or dropped files contains symbols with file path information	System Summary
URLs found in memory or binary data	Networking

/run/systemd/resolve/stub-resolv.conf

ASCII text

dropped

Details

File:	/run/systemd/resolve/stub-resolv.conf
Category:	dropped
Dump:	stub-resolv.conf.15.dr
ID:	dr_0
Target ID:	15
Process:	/tmp/Okami.i586.elf
Type:	ASCII text
Entropy:	3.3918926446809334
Encrypted:	false
Ssdeep:	3:KkZRAkd:KaAu
Size:	38
Whitelisted:	false
Reputation:	high

Processes

Path

Cmdline

Malicious

/tmp/Okami.i586.elf

URLs

Name

Malicious

http://www.billybobbot.com/crawler/)

unknown

Details

Name:	http://www.billybobbot.com/crawler/)
TargetID:	12
From Memory:	true
Current Path:	/tmp/Okami.i586.elf
Source:	Okami.i586.elf

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://www.baidu.com/search/spider.html)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

93.123.85.246

unknown

Bulgaria

Details

IP:	93.123.85.246
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8056000

page execute read

8056000

page execute read

8056000

page execute read

8057000

page read and write

f7fb4000

page execute read

f7fb4000

page execute read

ffaf7000

page read and write

ffaf7000

page read and write

ffaf7000

page read and write

8057000

page read and write

805d000

page read and write

8057000

page read and write

805d000

page read and write

805d000

page read and write

f7fb4000

page execute read

There are 5 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Okami.i586.elf

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOkami.i586.elf

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Okami.i586.elf