Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/sh4.elf

IPs

Domain

Country

Malicious

85.239.34.134

unknown

Russian Federation

Details

IP:	85.239.34.134
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	134121
ASN name:	RAINBOW-HKRainbownetworklimitedHK
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f57e4411000

page execute read

7f5864021000

page read and write

7f586b982000

page read and write

5563e65cb000

page execute and read and write

7f586bcf2000

page read and write

5563e83af000

page read and write

7f586be68000

page read and write

7f586b323000

page read and write

7f57e4417000

page read and write

7f57e4412000

page read and write

7f586be23000

page read and write

7f586b5c0000

page read and write

5563e45c5000

page read and write

7ffcd65d1000

page execute read

5563e43af000

page execute read

7f586b331000

page read and write

7f5864000000

page read and write

7ffcd6546000

page read and write

7f586be1b000

page read and write

7f586b9a7000

page read and write

5563e65e2000

page read and write

5563e45cd000

page read and write

7f586ab20000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sh4.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsh4.elf

Processes

IPs

Memdumps

IOC Report
sh4.elf