Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.arm

ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy:	7.929459447179547
Filename:	sora.arm
Filesize:	25004
MD5:	146e69dbf3fa2b51093964f087c9be01
SHA1:	49df0f19985dc9369426d2445560f4346c52e8c3
SHA256:	48d4f466e1ef7e2872a2ad032ca98e8ea161c3fd25f6eda3ef5cf271f23dd557
SHA512:	a941247f2a6be938aa4a2b83d80962aa78326975ced590dd96a2673689f1705b7e8644ecf32c88a413c39ec18a4bca9b4c6ddd562c423473b07b1ac03b080f50
SSDEEP:	384:cZ0X9nxn8o9ir/nSdoijsN2e4JQkCD2EjKb3pLLhymdGUop5hi:5X9nxn8o9wnBoWzEQf2EjKb3p3s3UozQ
Preview:	.ELF...a..........(.........4...........4. ...(......................`...`...............^..........................Q.td..............................CvUPX!........0...0.......R..........?.E.h;.}...^..........f.Z.6..(fw....&.x:.E.......oe.`.S..T.......n..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
URLs found in memory or binary data	Networking

/proc/5288/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5288/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:CH:CH
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/tmp/sora.arm

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 10 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	10
From Memory:	true
Current Path:	/tmp/sora.arm
Source:	sora.arm
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

163.229.182.74

unknown

Korea Republic of

246.252.30.75

unknown

Reserved

179.219.28.171

unknown

Brazil

83.45.140.219

unknown

Spain

71.64.206.178

unknown

United States

23.210.22.144

unknown

United States

144.48.249.155

unknown

India

124.21.97.181

unknown

China

86.239.217.40

unknown

France

154.181.108.71

unknown

Egypt

170.72.212.15

unknown

United States

182.219.30.94

unknown

Korea Republic of

2.27.129.117

unknown

United Kingdom

210.33.92.41

unknown

China

119.5.222.246

unknown

China

124.109.98.255

unknown

China

68.65.216.68

unknown

Virgin Islands (BRITISH)

180.187.140.120

unknown

China

18.253.84.71

unknown

United States

184.100.122.186

unknown

United States

72.225.180.234

unknown

United States

212.196.181.181

unknown

United Kingdom

182.115.198.192

unknown

China

156.159.153.6

unknown

Tanzania United Republic of

208.39.209.106

unknown

United States

246.114.129.2

unknown

Reserved

115.229.163.223

unknown

China

172.115.149.230

unknown

United States

207.31.98.5

unknown

United States

147.116.44.110

unknown

United States

37.124.245.201

unknown

Saudi Arabia

247.58.171.139

unknown

Reserved

245.115.229.68

unknown

Reserved

119.98.22.192

unknown

China

99.88.136.121

unknown

United States

150.192.233.18

unknown

United States

118.206.43.82

unknown

China

125.88.53.63

unknown

China

76.150.114.42

unknown

United States

37.229.128.76

unknown

Ukraine

77.104.249.197

unknown

Czech Republic

153.213.227.95

unknown

Japan

58.234.32.238

unknown

Korea Republic of

80.193.176.131

unknown

United Kingdom

162.187.22.173

unknown

United States

48.192.4.195

unknown

United States

91.223.243.22

unknown

Estonia

77.65.71.9

unknown

Poland

108.133.219.246

unknown

United States

107.127.53.157

unknown

United States

157.228.56.168

unknown

United Kingdom

114.211.192.180

unknown

China

19.236.11.170

unknown

United States

189.174.190.60

unknown

Mexico

165.76.65.179

unknown

Japan

20.209.235.125

unknown

United States

73.22.72.159

unknown

United States

87.199.107.137

unknown

Poland

116.201.10.48

unknown

Korea Republic of

152.75.141.108

unknown

United States

12.127.242.59

unknown

United States

255.43.156.57

unknown

Reserved

95.205.130.30

unknown

Sweden

175.107.120.229

unknown

Korea Republic of

160.192.235.30

unknown

Japan

108.116.201.123

unknown

United States

194.136.53.17

unknown

Finland

142.87.202.73

unknown

Canada

103.38.51.243

unknown

India

149.19.144.212

unknown

United States

106.196.252.131

unknown

India

209.168.181.190

unknown

United States

189.206.1.30

unknown

Mexico

68.96.185.223

unknown

United States

40.191.64.134

unknown

United States

147.87.57.17

unknown

Switzerland

140.226.54.51

unknown

United States

61.145.158.23

unknown

China

14.15.210.204

unknown

Japan

248.162.216.115

unknown

Reserved

96.120.35.221

unknown

United States

186.113.231.64

unknown

Colombia

243.56.125.139

unknown

Reserved

93.84.149.187

unknown

Belarus

73.116.116.165

unknown

United States

208.143.213.251

unknown

United States

197.116.147.77

unknown

Algeria

217.119.67.5

unknown

Poland

222.185.3.25

unknown

China

145.62.19.138

unknown

Netherlands

82.94.34.56

unknown

Netherlands

144.92.74.22

unknown

United States

122.229.132.149

unknown

China

53.123.238.100

unknown

Germany

153.135.73.184

unknown

Japan

244.16.241.122

unknown

Reserved

207.110.103.107

unknown

United States

244.139.79.29

unknown

Reserved

247.191.182.142

unknown

Reserved

18.102.91.87

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs