Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.powerpc.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.powerpc.elf
Source:	la.bot.powerpc.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.powerpc.elf
Source:	la.bot.powerpc.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

563532b06000

page read and write

7fd9d5adc000

page read and write

7fd9d5a97000

page read and write

563532af0000

page execute and read and write

7ffddc7c9000

page read and write

7fd8e0023000

page read and write

5635332df000

page read and write

7fd9d0000000

page read and write

563530af2000

page read and write

7fd9d561b000

page read and write

7fd9d4f97000

page read and write

563530867000

page execute read

563530aea000

page read and write

7fd9d5966000

page read and write

7fd9d5234000

page read and write

7ffddc7cd000

page execute read

7fd9d4fa5000

page read and write

7fd9d5a8f000

page read and write

7fd9d0021000

page read and write

7fd9d55f6000

page read and write

7fd8e0013000

page execute read

7fd8e002a000

page read and write

7fd9d4794000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.powerpc.elf

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.powerpc.elf

Processes

URLs

Domains

Memdumps

IOC Report
la.bot.powerpc.elf