Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/i.elf

URLs

Name

Malicious

http://%s:%d/bin.sh;chmod

unknown

http://ipinfo.io/ip

unknown

http://%s:%d/Mozi.a;chmod

unknown

http://%s:%d/Mozi.m;/tmp/Mozi.m

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://%s:%d/bin.sh

unknown

http://purenetworks.com/HNAP1/

unknown

http://%s:%d/Mozi.m;

unknown

http://%s:%d/Mozi.m;$

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://HTTP/1.1

unknown

http://%s:%d/Mozi.a;sh$

unknown

http://127.0.0.1

unknown

http://baidu.com/%s/%s/%d/%s/%s/%s/%s)

unknown

http://schemas.xmlsoap.org/soap/envelope//

unknown

http://%s:%d/Mozi.m

unknown

http://127.0.0.1sendcmd

unknown

There are 7 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

7f524c06a000

page read and write

7f524c058000

page execute read

7f5351cce000

page read and write

7fff471aa000

page execute read

7f5350915000

page read and write

7fff47089000

page read and write

7f535177c000

page read and write

7f5351aed000

page read and write

7f534c021000

page read and write

7f5351e1b000

page read and write

5628ee0de000

page read and write

7f5351511000

page read and write

5628ec0c9000

page read and write

5628ec0c0000

page read and write

7f53511af000

page read and write

7f5351df7000

page read and write

5628efc51000

page read and write

5628ee0c8000

page execute and read and write

7f535190b000

page read and write

7f535111d000

page read and write

7f535179f000

page read and write

5628ebe6f000

page execute read

7f524c090000

page read and write

7f5351e60000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
i.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporti.elf

Processes

URLs

IPs

Memdumps

IOC Report
i.elf