Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/mips.elf

URLs

Name

Malicious

http://hailcocks.ru/wget.sh;

unknown

Domains

Name

Malicious

kingstonwikkerink.dyn

91.149.218.232

Details

Name:	kingstonwikkerink.dyn
IP:	91.149.218.232
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

217.28.130.41

unknown

United Kingdom

Details

IP:	217.28.130.41
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	15839
ASN name:	COBWEB-NETGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

213.182.204.57

unknown

Latvia

Details

IP:	213.182.204.57
TargetID:	-1
Country:	Latvia
Countrycode:	LVA
ASN number:	9009
ASN name:	M247GB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

193.233.193.45

unknown

Russian Federation

Details

IP:	193.233.193.45
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

31.13.248.89

unknown

Bulgaria

Details

IP:	31.13.248.89
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34224
ASN name:	NETERRA-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

86.107.100.80

unknown

Romania

Details

IP:	86.107.100.80
TargetID:	-1
Country:	Romania
Countrycode:	ROU
ASN number:	38995
ASN name:	AMG-ASRO
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

88.151.195.22

unknown

Azerbaijan

Details

IP:	88.151.195.22
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.149.238.18

unknown

Poland

Details

IP:	91.149.238.18
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	41952
ASN name:	MARTON-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

81.29.149.178

unknown

Switzerland

Details

IP:	81.29.149.178
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	39616
ASN name:	COMUNICA_IT_SERVICESCH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.149.218.232

kingstonwikkerink.dyn

Poland

Details

IP:	91.149.218.232
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	198401
ASN name:	GECKONET-ASPL
Private:	false
Domain:	kingstonwikkerink.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

563d65b7f000

page execute read

7f4dfb3ea000

page read and write

563d67e26000

page read and write

563d65e11000

page read and write

7f4dfb6f4000

page read and write

7f4dfb6f4000

page read and write

563d65e07000

page read and write

7f4d74458000

page read and write

7f4dfaa28000

page read and write

563d67e0f000

page execute and read and write

7f4dfaa1a000

page read and write

7f4d74418000

page execute read

7f4dfaa28000

page read and write

7f4dfb741000

page read and write

7f4dfb6fc000

page read and write

7f4dfb0b9000

page read and write

7f4dfb5cb000

page read and write

563d692c9000

page read and write

7ffcffb8c000

page read and write

7f4df4000000

page read and write

7f4dfa212000

page read and write

7f4d74458000

page read and write

563d65e07000

page read and write

7f4df4021000

page read and write

7ffcffb8c000

page read and write

7f4dfb079000

page read and write

7f4df4000000

page read and write

7f4dfb09c000

page read and write

7f4dfb079000

page read and write

7f4dfb6fc000

page read and write

7f4dfa212000

page read and write

563d65e11000

page read and write

7f4dfacd8000

page read and write

7f4dfb09c000

page read and write

7f4d74418000

page execute read

7f4df4021000

page read and write

7ffcffbed000

page execute read

7ffcffbed000

page execute read

7f4d7445e000

page read and write

7f4dfaa1a000

page read and write

7f4dfb0b9000

page read and write

7f4dfb741000

page read and write

7f4dfb5cb000

page read and write

563d65b7f000

page execute read

7f4d7445e000

page read and write

563d692c9000

page read and write

7f4dfacd8000

page read and write

563d67e0f000

page execute and read and write

7f4dfb3ea000

page read and write

563d67e26000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mips.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmips.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
mips.elf