Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/sh4.elf

IPs

Domain

Country

Malicious

85.239.34.134

unknown

Russian Federation

Details

IP:	85.239.34.134
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	134121
ASN name:	RAINBOW-HKRainbownetworklimitedHK
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fd1ffb32000

page read and write

7fd1ff6b6000

page read and write

7fd1ff691000

page read and write

562f2bb22000

page read and write

7fd1f8021000

page read and write

7fd178410000

page read and write

7fd1ff032000

page read and write

562f29b05000

page read and write

562f2bb22000

page read and write

7fd1ff691000

page read and write

7fd178415000

page read and write

7fffbbc43000

page execute read

7fd1ff040000

page read and write

562f29b0d000

page read and write

7fd1ffb32000

page read and write

562f298ef000

page execute read

562f2c8f3000

page read and write

7fd1ff040000

page read and write

7fd1ffa01000

page read and write

562f298ef000

page execute read

7fd178410000

page read and write

7fd1ffa01000

page read and write

7fd1ff2cf000

page read and write

562f2bb0b000

page execute and read and write

7fd1ff6b6000

page read and write

7fd178415000

page read and write

7fd1f8000000

page read and write

7fffbbc43000

page execute read

7fd1ff032000

page read and write

7fffbbc10000

page read and write

562f29b0d000

page read and write

7fd1ff2cf000

page read and write

562f2bb0b000

page execute and read and write

7fffbbc10000

page read and write

7fd17840f000

page execute read

562f29b05000

page read and write

7fd1ffb2a000

page read and write

7fd1fe82f000

page read and write

7fd1f8000000

page read and write

7fd1ffb77000

page read and write

7fd1ffb77000

page read and write

7fd17840f000

page execute read

562f2c8f3000

page read and write

7fd1fe82f000

page read and write

7fd1f8021000

page read and write

7fd1ffb2a000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sh4.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsh4.elf

Processes

IPs

Memdumps

IOC Report
sh4.elf