Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.mips

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	5.296543702857597
Filename:	sora.mips
Filesize:	71764
MD5:	f541ee6ca94d92d5c8da35fce228bb46
SHA1:	46100ebb28ef32d9895277b26db0705cdb4a5729
SHA256:	119853ec87c7bc15674fa8beaf375979d963c5fd763d08a32ef555041e053d04
SHA512:	8efd86b742eaf71e845f4abe47282f993fd62c4d45c4fd63b8f1ac9014a8a7c3e04242f1ecb292256ce38c36b3354ac1ceb15f86da52870fc501cb6e9921d914
SSDEEP:	1536:WkvDSnAd6mYoPdd8QVs1o0vB1tA0iLuYw2+O/8p:WkLSA3vbko0pTAmYw2+OEp
Preview:	.ELF.....................@.`...4...L.....4. ...(.............@...@...........................E...E..................dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'......!........'9.

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/proc/5276/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5276/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5387/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5387/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.26.dr
ID:	dr_2
Target ID:	26
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5391/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5391/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.30.dr
ID:	dr_4
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.30.dr
ID:	dr_5
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:Dc2n:p
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sora.mips

n/a

/tmp/sora.mips

n/a

/tmp/sora.mips

n/a

/tmp/sora.mips

n/a

/tmp/sora.mips

n/a

/tmp/sora.mips

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 9 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

71.107.202.139

unknown

United States

80.24.160.20

unknown

Spain

70.40.0.156

unknown

United States

78.227.140.86

unknown

France

67.57.110.53

unknown

United States

91.174.80.19

unknown

France

172.246.244.217

unknown

United States

245.171.55.96

unknown

Reserved

63.148.160.73

unknown

United States

142.245.30.182

unknown

Canada

255.148.57.230

unknown

Reserved

111.6.69.190

unknown

China

31.137.239.105

unknown

Netherlands

34.229.108.227

unknown

United States

24.64.127.6

unknown

Canada

76.8.118.210

unknown

Canada

203.176.190.38

unknown

Pakistan

41.193.111.37

unknown

South Africa

59.109.98.212

unknown

China

121.77.143.181

unknown

China

254.167.189.62

unknown

Reserved

241.15.185.185

unknown

Reserved

120.224.137.159

unknown

China

44.96.244.86

unknown

United States

114.37.39.155

unknown

Taiwan; Republic of China (ROC)

37.91.93.228

unknown

Germany

149.150.154.242

unknown

United States

248.155.90.26

unknown

Reserved

31.31.135.149

unknown

Belgium

251.82.161.94

unknown

Reserved

167.238.223.149

unknown

United States

153.128.122.143

unknown

Japan

151.142.10.141

unknown

United States

158.73.140.99

unknown

United States

64.28.69.73

unknown

United States

106.128.236.235

unknown

Japan

140.210.162.31

unknown

China

216.81.240.141

unknown

United States

200.172.238.27

unknown

Brazil

95.121.137.238

unknown

Spain

17.160.100.84

unknown

United States

164.183.202.166

unknown

United States

240.85.62.5

unknown

Reserved

104.35.143.179

unknown

United States

175.34.81.13

unknown

Australia

16.229.239.174

unknown

United States

86.90.140.115

unknown

Netherlands

43.112.78.251

unknown

Japan

255.123.99.53

unknown

Reserved

195.20.246.157

unknown

Germany

36.132.101.91

unknown

China

191.254.53.60

unknown

Brazil

45.124.201.45

unknown

Australia

163.40.82.221

unknown

United States

96.201.7.12

unknown

United States

189.181.178.68

unknown

Mexico

57.147.55.165

unknown

Belgium

92.233.183.89

unknown

United Kingdom

244.107.176.234

unknown

Reserved

246.55.8.155

unknown

Reserved

96.38.83.249

unknown

United States

120.1.84.157

unknown

China

60.6.178.183

unknown

China

172.74.68.185

unknown

United States

245.166.238.106

unknown

Reserved

112.251.95.212

unknown

China

210.110.112.139

unknown

Korea Republic of

169.164.169.125

unknown

United States

68.144.38.185

unknown

Canada

12.69.103.16

unknown

United States

255.96.93.6

unknown

Reserved

136.254.214.173

unknown

United States

219.69.54.175

unknown

Taiwan; Republic of China (ROC)

90.142.192.22

unknown

Sweden

99.215.192.252

unknown

Canada

167.134.52.44

unknown

Venezuela

189.194.242.73

unknown

Mexico

90.35.131.168

unknown

France

205.182.104.37

unknown

United States

250.109.197.189

unknown

Reserved

157.204.30.231

unknown

United States

167.234.69.231

unknown

United States

83.97.114.71

unknown

Germany

142.67.215.102

unknown

Canada

159.206.56.242

unknown

Canada

80.110.234.46

unknown

Austria

83.208.201.84

unknown

Czech Republic

102.236.71.235

unknown

65.1.40.107

unknown

United States

172.116.65.63

unknown

United States

151.158.166.126

unknown

216.56.118.102

unknown

United States

67.211.159.82

unknown

United States

250.85.29.212

unknown

Reserved

13.176.170.242

unknown

United States

169.147.23.233

unknown

United States

53.99.133.165

unknown

Germany

174.146.255.210

unknown

United States

60.0.108.165

unknown

China

111.142.109.142

unknown

China

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

IPs