Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/mipsel.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.JIoHd9xZjv /tmp/tmp.asTIyI3yLq /tmp/tmp.yRuiqGAoTH

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.JIoHd9xZjv /tmp/tmp.asTIyI3yLq /tmp/tmp.yRuiqGAoTH

URLs

Name

Malicious

150.241.95.250:25565

Details

Name:	150.241.95.250:25565
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

150.241.95.250

unknown

Spain

Details

IP:	150.241.95.250
TargetID:	-1
Country:	Spain
Countrycode:	ESP
ASN number:	207714
ASN name:	TECNALIAES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

54.217.10.153

unknown

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

7f2594418000

page execute read

7f2594418000

page execute read

7f2614000000

page read and write

7f26183a8000

page read and write

7f2619761000

page read and write

7f261924f000

page read and write

7f2618bbe000

page read and write

7f261920f000

page read and write

55d93f1cd000

page execute and read and write

7f2619232000

page read and write

7f2619580000

page read and write

55d93cf3d000

page execute read

55d93d1cf000

page read and write

7f26198d7000

page read and write

55d93d1cf000

page read and write

7f2614021000

page read and write

55d93d1c5000

page read and write

55d93f1cd000

page execute and read and write

7f261924f000

page read and write

7f2619761000

page read and write

7f2618e6e000

page read and write

7f26183a8000

page read and write

55d93d1c5000

page read and write

7f2619892000

page read and write

7f26198d7000

page read and write

7f2594458000

page read and write

7f2619892000

page read and write

7f259445e000

page read and write

7f261920f000

page read and write

7fff98b05000

page read and write

7f2618e6e000

page read and write

7f2618bb0000

page read and write

7f261988a000

page read and write

7f2618bbe000

page read and write

7f261988a000

page read and write

55d93f1e4000

page read and write

55d940e9c000

page read and write

7f2594458000

page read and write

7f2614000000

page read and write

55d940e9c000

page read and write

7f259445e000

page read and write

7fff98b05000

page read and write

55d93f1e4000

page read and write

7f2618bb0000

page read and write

7f2614021000

page read and write

55d93cf3d000

page execute read

7fff98bf2000

page execute read

7f2619580000

page read and write

7f2619232000

page read and write

7fff98bf2000

page execute read

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mipsel.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmipsel.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
mipsel.elf