Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/x86_64.bin.elf

URLs

Name

Malicious

http://upx.sf.

unknown

http://upx.sf.n

unknown

http://185.196.10.215:12234/hi.sh

unknown

http://upx.sf.net

unknown

http://upx.sf

unknown

http://upx.sf.nethttp://upx.sf.netCONFIG:

unknown

http://help.yahoo.com/help/us/ysearch/slurp)

unknown

http://www.google.com/bot.html)

unknown

http://help.yahoo.com/help/us/shop/merchant/)Mozilla/5.0

unknown

http://help.yahoo.com/help/us/shop/merchant/)

unknown

http://upx.sf.neU

unknown

http://help.yahoo.com/help/us/ysearch/slurp)Mozilla/5.0

unknown

http://www.google.com/bot.html)Mozilla/5.0

unknown

http://http://uhttp://uphttp://upxhttp://upx.http://upx.shttp://upx.sfhttp://upx.sf.nethttp://upx.sf

unknown

http://www.googlebot.com/bot.html)

unknown

http://www.googlebot.com/bot.html)Mozilla/4.0

unknown

There are 6 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

198.50.207.21

unknown

Canada

Details

IP:	198.50.207.21
TargetID:	-1
Country:	Canada
Countrycode:	CAN
ASN number:	16276
ASN name:	OVHFR
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3af197f000

page read and write

7f3aaaf0e000

page read and write

7f3aad01f000

page read and write

7f3aab01f000

page read and write

7f3add1a0000

page read and write

7f3af1426000

page read and write

7f3abd1a0000

page read and write

df5000

page read and write

7fffd5420000

page read and write

a4f000

page execute read

7f3aab00e000

page read and write

7fffd5590000

page execute read

7f3af18a0000

page read and write

7f3aef050000

page read and write

c000800000

page read and write

There are 5 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
x86_64.bin.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportx86_64.bin.elf

Processes

URLs

IPs

Memdumps

IOC Report
x86_64.bin.elf