IOC Report
mips64.elf

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| mips64.elf | ELF 64-bit MSB executable, MIPS, MIPS64 version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | malicious |
| /tmp/Infected.log | ASCII text, with CRLF line terminators | dropped | |
| /tmp/qemu-open.cgdCha (deleted) | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/mips64.elf | /tmp/mips64.elf | |
| /tmp/mips64.elf | - | |
| /tmp/mips64.elf | - | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://developers.google.com/search/docs/advanced/crawling/overview-google-crawlers) | unknown | |
| http://www.spidersoft.com) | unknown | |
| http://help.yahoo.com/help/us/ysearch/slurp) | unknown | |
| http://www.google.com/bot.html) | unknown | |
| 181.214.231.152:96666 | | |
| http://www.google.com/mobile/adsbot.html) | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 181.214.231.152 | unknown | Chile | malicious |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 120057000 | page execute read | | malicious |
| 120057000 | page execute read | | malicious |
| 120057000 | page execute read | | malicious |