IOC Report
Okami.arm7.elf

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Okami.arm7.elf | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | malicious |
| /run/systemd/resolve/stub-resolv.conf | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /tmp/Okami.arm7.elf | /tmp/Okami.arm7.elf | |
| /tmp/Okami.arm7.elf | - | |
| /tmp/Okami.arm7.elf | - | |
| /tmp/Okami.arm7.elf | - | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://www.billybobbot.com/crawler/) | unknown | malicious |
| http://www.baidu.com/search/spider.html) | unknown | |
| http://fast.no/support/crawler.asp) | unknown | |
| http://feedback.redkolibri.com/ | unknown | |
| http://www.baidu.com/search/spider.htm) | unknown | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| daisy.ubuntu.com | 162.213.35.25 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 93.123.85.246 | unknown | Bulgaria | |

Memdumps
