Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zone.mipsle.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/zone.mipsle.elf
Source:	zone.mipsle.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffee474b000

page read and write

561f6b4e7000

page execute read

7f3e88d6d000

page read and write

561f6b76f000

page read and write

7f3e89412000

page read and write

7f3e7f7ff000

page read and write

7f3e88d4a000

page read and write

7f3e8929c000

page read and write

7f3e889a9000

page read and write

7f3e88d8a000

page read and write

561f6e3c8000

page read and write

7f3e886eb000

page read and write

7f3e00570000

page read and write

561f6d78e000

page read and write

7f3e890bb000

page read and write

7f3e00fa0000

page read and write

7f3e893cd000

page read and write

7ffee478f000

page execute read

561f6d777000

page execute and read and write

7f3e7b4c6000

page read and write

7f3e886f9000

page read and write

7f3e893c5000

page read and write

561f6b779000

page read and write

7f3e80000000

page read and write

7f3e87ee3000

page read and write

7f3e0056e000

page execute read

7f3e80021000

page read and write

7f3e01400000

page read and write

There are 18 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zone.mipsle.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzone.mipsle.elf

Processes

URLs

IPs

Memdumps

IOC Report
zone.mipsle.elf