Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm6.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm6.elf
Source:	la.bot.arm6.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm6.elf
Source:	la.bot.arm6.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f0a2e516000

page read and write

7f092803b000

page read and write

7f0a2e55b000

page read and write

7fffb15b0000

page execute read

558fcb9ce000

page execute and read and write

558fcc8dd000

page read and write

7f0a27fff000

page read and write

558fcb9e5000

page read and write

7f0a2e006000

page read and write

7f0a2e3c9000

page read and write

558fc9776000

page execute read

7f0a28021000

page read and write

558fc99d0000

page read and write

7f0a2de9a000

page read and write

7f0a2de77000

page read and write

7f0a2d8aa000

page read and write

7f0a2e1e8000

page read and write

7f0a2d010000

page read and write

7fffb14fa000

page read and write

7f0a2dc0c000

page read and write

7f092802b000

page execute read

558fc99c7000

page read and write

7f0928034000

page read and write

7f0a2e4f2000

page read and write

7f0a2d818000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm6.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm6.elf

Processes

URLs

IPs

Memdumps

IOC Report
la.bot.arm6.elf