IOC Report
la.bot.arm.elf

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm.elf

/tmp/la.bot.arm.elf

/tmp/la.bot.arm.elf

-

/tmp/la.bot.arm.elf

-

/tmp/la.bot.arm.elf

-

/tmp/la.bot.arm.elf

-

/tmp/la.bot.arm.elf

-

URLs

Name

IP

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm.elf
Source:	la.bot.arm.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm.elf
Source:	la.bot.arm.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55c9b9d38000

page read and write

7f5068039000

page read and write

7f5170a98000

page read and write

55c9b9d21000

page execute and read and write

7f5068032000

page read and write

7f5170c27000

page read and write

55c9ba65f000

page read and write

7f5068029000

page execute read

55c9b7d1a000

page read and write

7f5170fea000

page read and write

55c9ba65f000

page read and write

7f5170e09000

page read and write

7ffd4e690000

page read and write

7f5171113000

page read and write

7ffd4e6d8000

page execute read

7f5170a98000

page read and write

55c9b7ac9000

page execute read

7f5170fea000

page read and write

7f5168021000

page read and write

55c9b7d23000

page read and write

7f5170a98000

page read and write

7f5168021000

page read and write

55c9b7ac9000

page execute read

55c9b7d1a000

page read and write

7f517117c000

page read and write

7f516fc31000

page read and write

7f5170e09000

page read and write

7f5170c27000

page read and write

7f517082d000

page read and write

7ffd4e690000

page read and write

7f517082d000

page read and write

7f5171137000

page read and write

55c9b9d21000

page execute and read and write

7f516fc31000

page read and write

7f5170abb000

page read and write

7f5170abb000

page read and write

7f5170439000

page read and write

7f51704cb000

page read and write

55c9b7ac9000

page execute read

55c9b7d23000

page read and write

7f516fc31000

page read and write

7f517117c000

page read and write

7f5068039000

page read and write

7f5171137000

page read and write

7f5167fff000

page read and write

7ffd4e690000

page read and write

55c9b9d21000

page execute and read and write

7f5171113000

page read and write

7f517082d000

page read and write

7f5170439000

page read and write

7f5068032000

page read and write

55c9b9d38000

page read and write

7f5170abb000

page read and write

7f5170e09000

page read and write

7f5167fff000

page read and write

55c9b9d38000

page read and write

7ffd4e6d8000

page execute read

7f5170c27000

page read and write

7f5068029000

page execute read

7f51704cb000

page read and write

7f517117c000

page read and write

7f5167fff000

page read and write

7ffd4e6d8000

page execute read

7f5170439000

page read and write

7f5068032000

page read and write

7f5068039000

page read and write

7f5068029000

page execute read

7f51704cb000

page read and write

55c9b7d23000

page read and write

7f5168021000

page read and write

7f5171113000

page read and write

7f5171137000

page read and write

55c9b7d1a000

page read and write

55c9ba65f000

page read and write

7f5170fea000

page read and write

There are 65 hidden memdumps, click here to show them.