IOC Report
Okami.arm5.elf

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Okami.arm5.elf | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, with debug_info, not stripped | initial sample | malicious |
| /run/systemd/resolve/stub-resolv.conf | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /tmp/Okami.arm5.elf | /tmp/Okami.arm5.elf | |
| /tmp/Okami.arm5.elf | - | |
| /tmp/Okami.arm5.elf | - | |
| /tmp/Okami.arm5.elf | - | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://www.billybobbot.com/crawler/) | unknown | malicious |
| http://www.baidu.com/search/spider.html) | unknown | |
| http://fast.no/support/crawler.asp) | unknown | |
| http://feedback.redkolibri.com/ | unknown | |
| http://www.baidu.com/search/spider.htm) | unknown | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| daisy.ubuntu.com | 162.213.35.25 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 93.123.85.246 | unknown | Bulgaria | |

Memdumps
