Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/vlxx.x86_64.elf

Domains

Name

Malicious

era-bot.zapto.org

147.93.12.224

Details

Name:	era-bot.zapto.org
IP:	147.93.12.224
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

147.93.12.224

era-bot.zapto.org

Belgium

Details

IP:	147.93.12.224
TargetID:	-1
Country:	Belgium
Countrycode:	BEL
ASN number:	6122
ASN name:	ICN-ASUS
Private:	false
Domain:	era-bot.zapto.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

419000

page execute read

Details

Name:	5533.1.0000000000400000.0000000000419000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	419000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Gafgyt	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Okiru	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

157e000

page read and write

7fffa0dab000

page read and write

522000

page read and write

52a000

page read and write

7fffa0db7000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
vlxx.x86_64.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportvlxx.x86_64.elf

Processes

Domains

IPs

Memdumps

IOC Report
vlxx.x86_64.elf