Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/meow.arm7.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.NA12ehSwW9 /tmp/tmp.LhvMiYHory /tmp/tmp.i3CCLNAnoB

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.NA12ehSwW9

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.NA12ehSwW9

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.NA12ehSwW9 /tmp/tmp.LhvMiYHory /tmp/tmp.i3CCLNAnoB

There are 12 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

64.137.31.246

unknown

United States

Details

IP:	64.137.31.246
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	61317
ASN name:	ASDETUKhttpwwwheficedcomGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffed0864000

page execute read

7f68f4021000

page read and write

7f68fc741000

page read and write

7f67f4031000

page execute read

55a87a175000

page read and write

7f68f3fff000

page read and write

7f68fcc96000

page read and write

7f68fc5d5000

page read and write

7f68fcb04000

page read and write

55a878160000

page read and write

7f68fcc2d000

page read and write

7f68fc5b2000

page read and write

7f68fb74b000

page read and write

7f68fc347000

page read and write

7f68fbf53000

page read and write

7f67f4039000

page read and write

7f68fcc51000

page read and write

55a87bd5f000

page read and write

7f68fc923000

page read and write

55a878157000

page read and write

7ffed0806000

page read and write

55a877f06000

page execute read

7f68fbfe5000

page read and write

55a87a15e000

page execute and read and write

7f67f4040000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
meow.arm7.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmeow.arm7.elf

Processes

IPs

Memdumps

IOC Report
meow.arm7.elf