Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/spc.elf

URLs

Name

Malicious

https://www.youtube.ru/watch?v=OGp9P6QvMjYmb0V2dy9yai5Waid3bwRWZulmLvNQbAAABCDEFGHIJKLMNOPQRSTUVWXYZ

unknown

Details

Name:	https://www.youtube.ru/watch?v=OGp9P6QvMjYmb0V2dy9yai5Waid3bwRWZulmLvNQbAAABCDEFGHIJKLMNOPQRSTUVWXYZ
TargetID:	12
From Memory:	true
Current Path:	/tmp/spc.elf
Source:	spc.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

https://www.youtube.ru/watch?v=OGp9P6QvMjY

unknown

Details

Name:	https://www.youtube.ru/watch?v=OGp9P6QvMjY
TargetID:	12
From Memory:	true
Current Path:	/tmp/spc.elf
Source:	spc.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f79eaf00000

page read and write

7f79eb551000

page read and write

7f79e4021000

page read and write

55efe38ce000

page read and write

7fff28734000

page execute read

7fff28721000

page read and write

55efe58cc000

page execute and read and write

7f79eb18f000

page read and write

7f79eb8c1000

page read and write

7f79eb9ea000

page read and write

7f79eba37000

page read and write

7f78e4027000

page read and write

7f79eb9f2000

page read and write

7f79ea6ef000

page read and write

55efe6b6f000

page read and write

7f78e4022000

page execute read

55efe3697000

page execute read

7f79e4000000

page read and write

7f78e4023000

page read and write

55efe38c5000

page read and write

7f79eaef2000

page read and write

55efe58e3000

page read and write

7f79eb576000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
spc.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportspc.elf

Processes

URLs

IPs

Memdumps

IOC Report
spc.elf