Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/tmp/Antisocial.x86

n/a

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.zwbUWO1Xs3

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/cat

cat /tmp/tmp.zwbUWO1Xs3

/usr/bin/dash

n/a

/usr/bin/head

head -n 10

/usr/bin/dash

n/a

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

n/a

/usr/bin/cut

cut -c -80

/usr/bin/dash

n/a

/usr/bin/rm

rm -f /tmp/tmp.zwbUWO1Xs3 /tmp/tmp.7ybUxelKh4 /tmp/tmp.tWQiSu25Ld

There are 32 hidden processes, click here to show them.

URLs

Name

Malicious

http://127.0.0.1:52869/picdesc.xml

91.214.119.191

Details

Name:	http://127.0.0.1:52869/picdesc.xml
IP:	91.214.119.191
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

http://127.0.0.1:52869/wanipcn.xml

91.214.119.191

Details

Name:	http://127.0.0.1:52869/wanipcn.xml
IP:	91.214.119.191
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

http://194.87.42.3/Anti_Bins/Antisocial.mips

unknown

Details

Name:	http://194.87.42.3/Anti_Bins/Antisocial.mips
TargetID:	21029
From Memory:	true
Source:	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/encoding/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/encoding/
TargetID:	21029
From Memory:	true
Source:	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

https://ubuntu.com/blog/microk8s-memory-optimisation

unknown

Details

Name:	https://ubuntu.com/blog/microk8s-memory-optimisation
TargetID:	48
From Memory:	true
Current Path:	/usr/bin/cut
Source:	motd-news.48.dr
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/envelope/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/envelope/
TargetID:	21029
From Memory:	true
Source:	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

45.128.94.101

unknown

Germany

45.117.212.26

unknown

India

99.162.223.250

unknown

United States

64.111.105.206

unknown

United States

91.19.189.233

unknown

Germany

19.85.187.31

unknown

United States

41.157.30.69

unknown

South Africa

197.55.123.214

unknown

Egypt

45.111.37.172

unknown

Egypt

216.67.126.193

unknown

United States

45.104.148.31

unknown

Egypt

185.203.160.49

unknown

Iran (ISLAMIC Republic Of)

45.153.14.111

unknown

Russian Federation

63.62.160.86

unknown

United States

91.49.236.110

unknown

Germany

177.62.126.180

unknown

Brazil

91.163.145.63

unknown

France

197.12.117.159

unknown

Tunisia

45.91.88.205

unknown

Romania

185.106.143.31

unknown

Serbia

5.251.149.225

unknown

Kazakhstan

185.244.103.14

unknown

Estonia

212.160.6.59

unknown

Poland

156.234.199.240

unknown

Seychelles

185.232.205.132

unknown

Spain

91.95.68.164

unknown

Sweden

91.90.227.118

unknown

Latvia

91.67.33.162

unknown

Germany

91.244.81.15

unknown

Russian Federation

41.148.196.223

unknown

South Africa

185.15.150.33

unknown

Spain

91.243.156.150

unknown

Spain

197.74.193.249

unknown

South Africa

91.11.116.189

unknown

Germany

119.172.19.38

unknown

Japan

141.88.148.250

unknown

Germany

178.87.239.143

unknown

Saudi Arabia

45.20.50.217

unknown

United States

156.43.68.69

unknown

United Kingdom

45.106.6.107

unknown

Egypt

45.201.177.29

unknown

Seychelles

91.32.221.2

unknown

Germany

45.111.37.151

unknown

Egypt

91.186.75.37

unknown

Norway

156.199.203.244

unknown

Egypt

185.166.97.74

unknown

Switzerland

45.50.203.110

unknown

United States

45.50.203.111

unknown

United States

143.160.177.92

unknown

South Africa

38.112.91.39

unknown

United States

91.112.149.146

unknown

Austria

45.244.195.57

unknown

Egypt

135.115.217.58

unknown

United States

45.48.194.65

unknown

United States

193.79.200.215

unknown

Netherlands

45.188.109.25

unknown

45.91.88.227

unknown

Romania

45.130.62.163

unknown

Israel

45.106.6.116

unknown

Egypt

185.203.160.87

unknown

Iran (ISLAMIC Republic Of)

91.199.162.60

unknown

Germany

221.60.149.251

unknown

Japan

45.202.220.126

unknown

Seychelles

142.34.24.35

unknown

Canada

197.75.183.147

unknown

South Africa

41.117.228.167

unknown

South Africa

185.110.49.231

unknown

Poland

128.122.29.218

unknown

United States

176.198.187.187

unknown

Germany

156.223.50.214

unknown

Egypt

67.236.61.9

unknown

United States

185.45.66.61

unknown

Bulgaria

185.56.176.219

unknown

France

105.177.118.37

unknown

South Africa

45.229.91.225

unknown

Brazil

197.123.112.51

unknown

Egypt

45.86.28.98

unknown

United Kingdom

41.197.85.149

unknown

Rwanda

114.140.203.26

unknown

Taiwan; Republic of China (ROC)

84.136.240.4

unknown

Germany

156.56.101.225

unknown

United States

45.219.30.160

unknown

Morocco

57.37.96.242

unknown

Belgium

157.136.46.228

unknown

France

45.170.183.65

unknown

Brazil

190.156.168.164

unknown

Colombia

100.147.152.95

unknown

United States

47.182.85.190

unknown

United States

45.227.105.167

unknown

Brazil

178.157.234.27

unknown

Denmark

45.222.24.183

unknown

South Africa

45.150.101.191

unknown

Liechtenstein

185.68.214.201

unknown

Czech Republic

45.233.204.100

unknown

Brazil

192.91.253.232

unknown

United States

185.102.18.28

unknown

Sweden

45.163.170.78

unknown

Brazil

81.101.96.158

unknown

United Kingdom

185.228.32.102

unknown

Austria

45.219.30.151

unknown

Morocco

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs