Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/arm6.elf

URLs

Name

Malicious

https://www.youtube.ru/watch?v=OGp9P6QvMjYmb0V2dy9yai5Waid3bwRWZulmLvNQbAAABCDEFGHIJKLMNOPQRSTUVWXYZ

unknown

Details

Name:	https://www.youtube.ru/watch?v=OGp9P6QvMjYmb0V2dy9yai5Waid3bwRWZulmLvNQbAAABCDEFGHIJKLMNOPQRSTUVWXYZ
TargetID:	12
From Memory:	true
Current Path:	/tmp/arm6.elf
Source:	arm6.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

https://www.youtube.ru/watch?v=OGp9P6QvMjY

unknown

Details

Name:	https://www.youtube.ru/watch?v=OGp9P6QvMjY
TargetID:	12
From Memory:	true
Current Path:	/tmp/arm6.elf
Source:	arm6.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fda54429000

page read and write

7fda55127000

page read and write

7fd94c02a000

page read and write

7fda54df9000

page read and write

7fda5481d000

page read and write

7fffaddc4000

page read and write

7fda544bb000

page read and write

7fda4bfff000

page read and write

55a7d67e0000

page execute and read and write

7fd94c021000

page execute read

7fda54a88000

page read and write

55a7d743b000

page read and write

55a7d67f7000

page read and write

7fda53c21000

page read and write

7fda54aab000

page read and write

7fda5516c000

page read and write

55a7d47d9000

page read and write

7fda54fda000

page read and write

7fda54c17000

page read and write

7fd94c02c000

page read and write

7fda4c021000

page read and write

7fffadde5000

page execute read

55a7d4588000

page execute read

7fda55103000

page read and write

55a7d47e2000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
arm6.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportarm6.elf

Processes

URLs

IPs

Memdumps

IOC Report
arm6.elf