Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.arm

ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy:	5.973009415949496
Filename:	sora.arm
Filesize:	56880
MD5:	be53dbd9067ec4960a79a5a273d98fab
SHA1:	2542023e69a80e86a1f9c1af3bb4a0c09c81f46a
SHA256:	50aa5219ad1080a17954597f9370aff75b579f8e550ca196fd4d298ff860a67b
SHA512:	b3413bd5e7c7b69a54784d6fae5c4ce69482903deed62027d661d8ab442a4e4f895e9ef69674be77a5a9229131d8c5c7e07732ed70d7a703b6d848a06229b8bf
SSDEEP:	768:30ESWRYSaG0wBXAy9abThYrB2dPsnjVB5uEBwLRzqmPrqYhH8qkJSULwCVy/rCxE:dSaP0waejVMqY/cJ8fhWfM5tMd7oHm
Preview:	.ELF...a..........(.........4...........4. ...(.....................................................t...............Q.td..................................-...L."....4..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/proc/5282/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5282/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:CF:CF
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 1 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

4.55.11.241

unknown

United States

84.117.68.253

unknown

Netherlands

167.187.21.223

unknown

United States

242.255.56.220

unknown

Reserved

161.80.220.44

unknown

United States

117.27.105.202

unknown

China

14.178.101.117

unknown

Viet Nam

155.103.35.42

unknown

United States

43.28.51.144

unknown

Japan

99.255.50.46

unknown

Canada

138.204.84.27

unknown

Brazil

218.237.30.108

unknown

Korea Republic of

198.38.244.233

unknown

United States

113.112.200.78

unknown

China

70.171.195.170

unknown

United States

31.31.135.149

unknown

Belgium

27.61.12.140

unknown

India

248.214.159.198

unknown

Reserved

90.76.221.211

unknown

France

164.10.127.115

unknown

Sweden

196.248.26.0

unknown

South Africa

79.10.129.189

unknown

Italy

121.148.29.153

unknown

Korea Republic of

57.138.213.143

unknown

Belgium

120.212.187.165

unknown

China

206.206.98.0

unknown

United States

19.129.114.112

unknown

United States

168.98.201.162

unknown

United States

88.141.109.122

unknown

France

47.46.55.100

unknown

United States

168.235.188.142

unknown

United States

97.108.2.149

unknown

Canada

34.45.16.134

unknown

United States

78.66.23.17

unknown

Sweden

45.250.59.199

unknown

India

84.0.112.232

unknown

Hungary

86.96.126.175

unknown

United Arab Emirates

18.38.79.125

unknown

United States

47.76.139.3

unknown

United States

58.126.77.117

unknown

Korea Republic of

182.241.248.253

unknown

China

183.125.207.61

unknown

Korea Republic of

93.130.191.52

unknown

Germany

57.70.235.20

unknown

Belgium

101.233.126.238

unknown

China

254.218.41.67

unknown

Reserved

158.209.127.74

unknown

Japan

95.167.9.132

unknown

Russian Federation

201.31.3.43

unknown

Brazil

13.151.196.62

unknown

United States

217.83.112.79

unknown

Germany

178.171.248.203

unknown

Syrian Arab Republic

174.239.21.252

unknown

United States

185.42.139.195

unknown

Sweden

193.70.144.166

unknown

Italy

124.51.246.28

unknown

Korea Republic of

176.11.44.226

unknown

Norway

171.212.68.22

unknown

China

252.7.153.45

unknown

Reserved

8.138.112.156

unknown

Singapore

250.159.208.197

unknown

Reserved

96.53.0.135

unknown

Canada

146.252.65.231

unknown

United States

207.128.45.33

unknown

United States

96.102.137.10

unknown

United States

124.36.206.242

unknown

Japan

195.149.138.21

unknown

Sweden

162.179.208.125

unknown

United States

170.22.45.118

unknown

United States

110.242.6.176

unknown

China

115.99.154.231

unknown

India

62.195.46.122

unknown

Netherlands

173.161.184.194

unknown

United States

191.82.133.18

unknown

Argentina

68.45.115.70

unknown

United States

251.35.55.52

unknown

Reserved

84.220.234.180

unknown

Italy

107.18.39.9

unknown

United States

24.154.154.217

unknown

United States

198.27.93.15

unknown

Canada

182.203.239.166

unknown

China

185.138.105.250

unknown

France

195.99.43.137

unknown

United Kingdom

114.156.131.62

unknown

Japan

111.104.212.232

unknown

Japan

196.122.13.10

unknown

Morocco

250.27.96.100

unknown

Reserved

145.62.30.67

unknown

Netherlands

87.243.148.188

unknown

Austria

115.127.175.5

unknown

Bangladesh

189.78.86.126

unknown

Brazil

249.212.143.196

unknown

Reserved

151.188.183.20

unknown

United States

184.247.40.201

unknown

United States

86.255.245.37

unknown

France

200.248.129.243

unknown

Brazil

70.9.189.25

unknown

United States

82.193.159.74

unknown

Russian Federation

243.151.79.213

unknown

Reserved

147.112.122.32

unknown

Norway

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

IPs