Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

dlr.mips.elf

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	4.789405361037801
Filename:	dlr.mips.elf
Filesize:	2080
MD5:	87cf97359604746cbca018ba33cf8bfc
SHA1:	d07ad880b56cf29da33a36aa9533d24c022a0cfd
SHA256:	a5c044028e5b2aa2cb837419dba772124ac293529251089727ddde63c6745dec
SHA512:	80cdec0ce9a4a4fbc9c8bd1bfb2bcfe06c186903d0f298eb1cdbdf05591c5d82c9583aedca73e1df16a52e6ca28ab177567ac4569168dacc87aca134db03e323
SSDEEP:	48:ZzJmYdYQfi9bY1dHfu4qJ/EYEBD3WlrBZ4rmWy31:lJme69b3/EYEBDWlrBUo1
Preview:	.ELF.....................@.....4.........4. ...(.............@...@.....x...x.................D...D.....T...p........dt.Q........................................0...0........G.%..&.0....D.%..2......F.%<...'......!...\..(!. ..$...<...'......!...\..(!. ..$..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Writes ELF files to disk	Persistence and Installation Behavior
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/tmp/dvrHelper

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

dropped

Details

File:	/tmp/dvrHelper
Category:	dropped
Dump:	dvrHelper.12.dr
ID:	dr_0
Target ID:	12
Process:	/tmp/dlr.mips.elf
Type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	5.36111521725104
Encrypted:	false
Ssdeep:	1536:7vlL8oK5rrVanJfhHuvJ+QQtf4tUpLuuhLh+TJXtBLL5/FQMqnDs8M9x3o:V8F5rrcnJfhHuvJJuuuph+DFAs8Qdo
Size:	114228
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Writes ELF files to disk	Persistence and Installation Behavior

Processes

Path

Cmdline

Malicious

/tmp/dlr.mips.elf

IPs

Domain

Country

Malicious

190.123.46.55

unknown

Panama

Details

IP:	190.123.46.55
TargetID:	-1
Country:	Panama
Countrycode:	PAN
ASN number:	265540
ASN name:	ALTANREDESSAPIdeCVMX
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fc368021000

page read and write

558facaaf000

page read and write

558faaa9a000

page read and write

7fc36fb2a000

page read and write

558faaa90000

page read and write

7fc36ee48000

page read and write

7fc36fb22000

page read and write

7fc36f9f9000

page read and write

7fc36f4a7000

page read and write

7ffd05935000

page read and write

7fc36ee56000

page read and write

558faca98000

page execute and read and write

7fc36f818000

page read and write

7ffd05991000

page execute read

7fc36e640000

page read and write

7fc36f4e7000

page read and write

558fad5f4000

page read and write

7fc36fb6f000

page read and write

7fc36f106000

page read and write

7fc368000000

page read and write

7fc2e8441000

page read and write

7fc36f4ca000

page read and write

558faa808000

page execute read

7fc2e8401000

page execute read

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
dlr.mips.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportdlr.mips.elf

Files

Processes

IPs

Memdumps

IOC Report
dlr.mips.elf