Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

e1x.arm.elf

ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy:	6.173223766516256
Filename:	e1x.arm.elf
Filesize:	62860
MD5:	1ac3922918ae97b73e74f527dec3a3a8
SHA1:	e7f469c2f60cdef5a496fccde3b3a82a148c5c9f
SHA256:	a16770e486dedece7dd910974b3cf62a81c065abe1a6d61cd1e6b69df44e0b8c
SHA512:	4a14a69ed6482ac08b205a923ecc8c44fdb729172159e62e4b23e21885fc5ed4383f581bc2a82a4d554967cab2bd131361d9a742da93a399fcd61865dc1503ac
SSDEEP:	768:hFyZt5LB1YS5pdY6AAnl4Ac2yDAYOvBn+4jzXaPMp6OG3OwUYzc4Vv3Bv1oI:SLBvCqnl4ApyDArvVBpRjwUJ4FBv+
Preview:	.ELF...a..........(.........4...........4. ...(.....................(...(................................2..........Q.td..................................-...L."....6..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample deletes itself	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sleeps for long times indicative of sandbox evasion	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/tmp/.system_idle

ASCII text

dropped

Details

File:	/tmp/.system_idle
Category:	dropped
Dump:	.system_idle.12.dr
ID:	dr_0
Target ID:	12
Process:	/tmp/e1x.arm.elf
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:Es:Es
Size:	5
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories

Processes

Path

Cmdline

Malicious

/tmp/e1x.arm.elf

IPs

Domain

Country

Malicious

194.87.35.204

unknown

Russian Federation

Details

IP:	194.87.35.204
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	25369
ASN name:	BANDWIDTH-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f7eec026000

page execute read

7f7ff278c000

page read and write

7f7ff20a8000

page read and write

7fff2d1fa000

page execute read

7f7ff25fa000

page read and write

7f7ff2723000

page read and write

7f7eec02f000

page read and write

7f7ff2419000

page read and write

7f7ff20cb000

page read and write

556d3d745000

page read and write

7f7ff1e3d000

page read and write

556d3f763000

page read and write

7f7ff2747000

page read and write

7f7febfff000

page read and write

556d3f74c000

page execute and read and write

7f7ff1241000

page read and write

7f7ff1adb000

page read and write

556d413bb000

page read and write

556d3d4f4000

page execute read

556d3d74e000

page read and write

7f7eec032000

page read and write

7f7ff2237000

page read and write

7f7ff1a49000

page read and write

7f7fec021000

page read and write

7fff2d1f3000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
e1x.arm.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporte1x.arm.elf

Files

Processes

IPs

Memdumps

IOC Report
e1x.arm.elf