Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

IcwrPqGkXP

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	5.296758508714272
Filename:	IcwrPqGkXP
Filesize:	71764
MD5:	18fe913ce8856fc1ea6ebc0412e09da7
SHA1:	ff1494dd42dcda452120a9af38a1f5550bd29c55
SHA256:	dea614c4a0a319bb53e0d5d9b77d360e23d79e43e4c7a5179c9c3f6b66c26e74
SHA512:	487221c1701546a05d979979ff75ceaf3600c504da5b6581ea90e627a81b07869442431a4d1b157cb9620c60d92d9d3ddee7d8de37249b7b402bc419eb4da617
SSDEEP:	1536:WkvDSnAd6mYoPdd8TVs1o0vB1tA0iLuYw2+O/82:WkLSA3vGko0pTAmYw2+OE2
Preview:	.ELF.....................@.`...4...L.....4. ...(.............@...@...........................E...E..................dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'......!........'9.

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/proc/5290/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5290/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5405/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5405/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.26.dr
ID:	dr_2
Target ID:	26
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5407/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5407/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.30.dr
ID:	dr_4
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.30.dr
ID:	dr_5
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:E4v:Ei
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/IcwrPqGkXP

n/a

/tmp/IcwrPqGkXP

n/a

/tmp/IcwrPqGkXP

n/a

/tmp/IcwrPqGkXP

n/a

/tmp/IcwrPqGkXP

n/a

/tmp/IcwrPqGkXP

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 9 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

151.142.57.149

unknown

United States

186.246.4.65

unknown

Brazil

136.244.180.180

unknown

United States

114.246.134.99

unknown

China

87.99.160.241

unknown

Sweden

220.10.138.154

unknown

Japan

111.98.122.40

unknown

Japan

168.245.234.50

unknown

United States

191.169.131.225

unknown

Brazil

201.21.20.15

unknown

Brazil

115.191.0.168

unknown

China

182.67.0.254

unknown

India

184.254.1.5

unknown

United States

149.12.44.6

unknown

United States

240.193.66.243

unknown

Reserved

216.221.62.137

unknown

Canada

130.250.57.142

unknown

United States

92.210.255.138

unknown

Germany

175.244.101.81

unknown

Korea Republic of

109.226.128.16

unknown

Germany

133.120.23.87

unknown

Japan

148.70.47.116

unknown

China

42.203.248.247

unknown

China

60.158.0.171

unknown

Japan

151.112.119.144

unknown

United States

110.111.113.82

unknown

China

113.180.223.7

unknown

Viet Nam

61.185.194.127

unknown

China

67.206.151.115

unknown

United States

158.126.37.100

unknown

Sweden

213.146.201.54

unknown

Portugal

59.19.24.218

unknown

Korea Republic of

155.2.116.79

unknown

United States

85.45.125.184

unknown

Italy

5.160.167.152

unknown

Iran (ISLAMIC Republic Of)

31.121.69.183

unknown

United Kingdom

159.7.220.25

unknown

Sweden

83.44.49.14

unknown

Spain

84.247.123.155

unknown

Romania

216.80.250.213

unknown

United States

61.111.143.75

unknown

Korea Republic of

93.169.65.140

unknown

Saudi Arabia

195.223.249.170

unknown

Italy

8.135.206.253

unknown

Singapore

192.244.191.206

unknown

Japan

138.236.115.201

unknown

United States

94.42.249.41

unknown

Poland

199.3.5.110

unknown

United States

149.115.226.181

unknown

United States

96.66.178.36

unknown

United States

195.66.5.176

unknown

Germany

121.201.230.87

unknown

China

188.13.148.235

unknown

Italy

246.179.47.128

unknown

Reserved

246.9.73.167

unknown

Reserved

164.113.178.223

unknown

United States

44.26.197.42

unknown

United States

197.2.84.140

unknown

Tunisia

78.50.41.178

unknown

Germany

38.217.98.240

unknown

United States

115.247.124.243

unknown

India

184.11.40.157

unknown

United States

16.142.65.134

unknown

United States

204.8.204.13

unknown

Angola

223.221.104.203

unknown

China

45.145.30.173

unknown

Turkey

82.141.139.16

unknown

Hungary

219.21.25.139

unknown

Japan

185.70.34.116

unknown

United Kingdom

35.84.199.85

unknown

United States

48.233.101.228

unknown

United States

175.219.69.250

unknown

Korea Republic of

76.145.199.51

unknown

United States

123.73.29.199

unknown

China

221.163.247.179

unknown

Korea Republic of

183.3.52.187

unknown

China

17.109.252.29

unknown

United States

99.48.195.62

unknown

United States

102.112.147.46

unknown

Mauritius

222.43.48.173

unknown

China

117.186.4.82

unknown

China

96.1.87.79

unknown

Canada

157.10.154.106

unknown

247.78.135.221

unknown

Reserved

71.161.252.154

unknown

United States

72.113.124.144

unknown

United States

115.30.102.59

unknown

Taiwan; Republic of China (ROC)

121.231.7.49

unknown

China

254.5.211.44

unknown

Reserved

97.250.16.26

unknown

United States

85.136.14.63

unknown

Spain

211.91.48.146

unknown

China

48.171.221.80

unknown

United States

9.172.67.125

unknown

United States

255.56.145.124

unknown

Reserved

203.27.10.136

unknown

China

106.34.174.230

unknown

China

210.226.36.155

unknown

Japan

32.1.117.241

unknown

United States

212.249.81.39

unknown

Switzerland

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

IPs