Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/vlxx.x86.elf

Domains

Name

Malicious

era-bot.zapto.org

147.93.12.224

Details

Name:	era-bot.zapto.org
IP:	147.93.12.224
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

147.93.12.224

era-bot.zapto.org

Belgium

Details

IP:	147.93.12.224
TargetID:	-1
Country:	Belgium
Countrycode:	BEL
ASN number:	6122
ASN name:	ICN-ASUS
Private:	false
Domain:	era-bot.zapto.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

805a000

page execute read

Details

Name:	5842.1.0000000008048000.000000000805a000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	805a000
Size:	73728

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Okiru	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

805f000

page read and write

8064000

page read and write

f7f0d000

page execute read

9bb6000

page read and write

ffc1d000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
vlxx.x86.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportvlxx.x86.elf

Processes

Domains

IPs

Memdumps

IOC Report
vlxx.x86.elf