Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/qkbfi86.elf

Domains

Name

Malicious

raw.eye-network.ru

213.232.235.18

Details

Name:	raw.eye-network.ru
IP:	213.232.235.18
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

raw.eye-network.ru. [malformed]

unknown

IPs

Domain

Country

Malicious

213.232.235.18

raw.eye-network.ru

Russian Federation

Details

IP:	213.232.235.18
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39824
ASN name:	ALMANET-ASKZ
Private:	false
Domain:	raw.eye-network.ru

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

805c000

page execute read

Details

Name:	5519.1.0000000008048000.000000000805c000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	805c000
Size:	81920

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Okiru	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

f7f58000

page execute read

a048000

page read and write

8066000

page read and write

ff97e000

page read and write

8061000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
qkbfi86.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportqkbfi86.elf

Processes

Domains

IPs

Memdumps

IOC Report
qkbfi86.elf