Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm7.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

eighteen.pirate

103.253.147.242

Details

Name:	eighteen.pirate
IP:	103.253.147.242
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

nineteen.libre. [malformed]

unknown

75cents.libre. [malformed]

unknown

ru.coziest.lol. [malformed]

unknown

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

103.253.147.242

eighteen.pirate

Singapore

Details

IP:	103.253.147.242
TargetID:	-1
Country:	Singapore
Countrycode:	SGP
ASN number:	14061
ASN name:	DIGITALOCEAN-ASNUS
Private:	false
Domain:	eighteen.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

130.61.64.122

unknown

United States

Details

IP:	130.61.64.122
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	31898
ASN name:	ORACLE-BMC-31898US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f2f86e11000

page read and write

7f2f86ae3000

page read and write

7f2f86e56000

page read and write

5643d19f9000

page read and write

7f2f7ffff000

page read and write

7f2f86cc4000

page read and write

7f2f86cc4000

page read and write

7f2f86cc4000

page read and write

7f2f86ded000

page read and write

7ffde7d2b000

page execute read

7f2f86113000

page read and write

5643cf78a000

page execute read

7f2f86e56000

page read and write

7f2f86113000

page read and write

7f2f8590b000

page read and write

7ffde7cfe000

page read and write

7f2f86507000

page read and write

7f2f86e56000

page read and write

7f2f86113000

page read and write

7f2e8002f000

page execute read

7f2f80021000

page read and write

7ffde7cfe000

page read and write

7ffde7cfe000

page read and write

7f2f80021000

page read and write

7f2f861a5000

page read and write

7f2f86113000

page read and write

7ffde7cfe000

page read and write

5643d19f9000

page read and write

7f2f80021000

page read and write

7f2e80039000

page read and write

7f2f86901000

page read and write

5643cf9e4000

page read and write

7f2f86795000

page read and write

7f2f86ded000

page read and write

7f2e80039000

page read and write

7f2f86e11000

page read and write

7ffde7d2b000

page execute read

7f2f86e56000

page read and write

7ffde7d2b000

page execute read

7f2f86772000

page read and write

7f2f86e56000

page read and write

7f2f86ae3000

page read and write

7ffde7cfe000

page read and write

7f2f8590b000

page read and write

7f2e8002f000

page execute read

7ffde7cfe000

page read and write

5643cf9db000

page read and write

7f2e80030000

page read and write

5643cf9e4000

page read and write

7f2f86795000

page read and write

7f2f8590b000

page read and write

7f2f86795000

page read and write

7f2f80021000

page read and write

7f2f86795000

page read and write

5643d19e2000

page execute and read and write

7f2f86795000

page read and write

7f2f7ffff000

page read and write

7f2f86795000

page read and write

7f2f86e11000

page read and write

7f2f86ded000

page read and write

7f2f86ded000

page read and write

7f2f86ae3000

page read and write

5643cf78a000

page execute read

7f2e80030000

page read and write

5643cf9e4000

page read and write

5643cf9db000

page read and write

7f2f86507000

page read and write

7f2f86901000

page read and write

5643d26f7000

page read and write

7f2f86901000

page read and write

7f2f86507000

page read and write

7f2f86ae3000

page read and write

5643d26f7000

page read and write

7f2f86772000

page read and write

7f2f86113000

page read and write

7f2f86e11000

page read and write

7f2f86772000

page read and write

7f2f861a5000

page read and write

5643d19f9000

page read and write

5643d26f7000

page read and write

7ffde7d2b000

page execute read

5643cf9e4000

page read and write

5643cf9e4000

page read and write

7f2f86901000

page read and write

7f2f86ae3000

page read and write

7f2e8002f000

page execute read

7f2e80039000

page read and write

7f2f86e56000

page read and write

5643cf78a000

page execute read

7ffde7cfe000

page read and write

7f2e80030000

page read and write

5643d19f9000

page read and write

7f2e8002f000

page execute read

5643cf9db000

page read and write

7f2e80039000

page read and write

7f2e80030000

page read and write

7f2f86507000

page read and write

7f2f80021000

page read and write

7f2f86772000

page read and write

5643cf9db000

page read and write

7f2f8590b000

page read and write

5643d19f9000

page read and write

5643d26f7000

page read and write

7f2f861a5000

page read and write

5643cf9e4000

page read and write

7f2f86795000

page read and write

5643cf9e4000

page read and write

7f2f86113000

page read and write

7f2f86772000

page read and write

5643cf9db000

page read and write

7f2e8002f000

page execute read

5643d19f9000

page read and write

7f2f86772000

page read and write

5643d26f7000

page read and write

7f2f80021000

page read and write

5643d19e2000

page execute and read and write

7f2e80030000

page read and write

5643cf78a000

page execute read

7f2f86772000

page read and write

7f2f861a5000

page read and write

7f2f86901000

page read and write

7f2f7ffff000

page read and write

7f2f86ded000

page read and write

7f2f86ae3000

page read and write

7f2f86113000

page read and write

7f2f861a5000

page read and write

7f2e80039000

page read and write

5643d19f9000

page read and write

5643d26f7000

page read and write

7f2e80039000

page read and write

5643cf9db000

page read and write

7f2f86901000

page read and write

5643cf9db000

page read and write

7f2f86e11000

page read and write

5643d26f7000

page read and write

7f2e80030000

page read and write

7f2f8590b000

page read and write

5643d19e2000

page execute and read and write

7f2f86cc4000

page read and write

7f2f86ded000

page read and write

7f2f861a5000

page read and write

5643cf78a000

page execute read

5643d19e2000

page execute and read and write

7f2f86901000

page read and write

7f2e80030000

page read and write

7f2e8002f000

page execute read

7f2f8590b000

page read and write

7ffde7d2b000

page execute read

7f2f7ffff000

page read and write

7f2f86cc4000

page read and write

7ffde7d2b000

page execute read

7f2f7ffff000

page read and write

7f2f86507000

page read and write

7f2f8590b000

page read and write

7f2f7ffff000

page read and write

7f2f80021000

page read and write

7f2f86cc4000

page read and write

7f2f86e11000

page read and write

7f2f7ffff000

page read and write

7f2f861a5000

page read and write

7f2e8002f000

page execute read

7f2f86ded000

page read and write

7f2f86e56000

page read and write

5643d19e2000

page execute and read and write

7f2e80039000

page read and write

5643cf78a000

page execute read

7f2f86507000

page read and write

5643d19e2000

page execute and read and write

7f2f86507000

page read and write

5643cf78a000

page execute read

5643d19e2000

page execute and read and write

7f2f86cc4000

page read and write

7f2f86e11000

page read and write

7ffde7d2b000

page execute read

7f2f86ae3000

page read and write

There are 165 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
la.bot.arm7.elf