Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.x86

ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
Entropy:	7.8717761813776965
Filename:	sora.x86
Filesize:	24728
MD5:	ec0785f99de2a1ea900d48a9bb26bf1c
SHA1:	bdabfc4ef8c6e050ba2a88927ac9429bd71813c9
SHA256:	30ad105f506c59e85005c99f64fcfc577c2a51caf131bc9f57e5172a404654d3
SHA512:	4a3d6fba5292e86f1471b2d411954e950688522b891e6d827fd89aa621a087e953b544dd268aaacc9913807e036154568fb06115741ca71c85f8acb9d8e68cb1
SSDEEP:	384:M8DKKQOcRpmYLdn6RBOFRFt5rUFX1DiSIlCo3AnupCFNqnrrd1NEZgO8UXWozPLu:R/QOC0Yhn6ROHWFlAcwNEFCnNBxcsce
Preview:	.ELF.....................g..4...........4. ...(......................_..._...................W...W..................Q.td...............................tUPX!....................Z........?d..ELF.......d.......4.,..4. (.......k.-.#.`...........?..P......d..l

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
URLs found in memory or binary data	Networking

/proc/5267/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5267/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5376/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5376/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.26.dr
ID:	dr_2
Target ID:	26
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5380/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5380/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.30.dr
ID:	dr_4
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.30.dr
ID:	dr_5
Target ID:	30
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:DdVv:BVv
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/tmp/sora.x86

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 18 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	10
From Memory:	true
Current Path:	/tmp/sora.x86
Source:	sora.x86
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

165.14.150.75

unknown

Japan

2.98.202.30

unknown

United Kingdom

1.241.64.41

unknown

Korea Republic of

126.27.223.237

unknown

Japan

167.244.146.157

unknown

United States

148.49.170.205

unknown

United States

37.177.86.214

unknown

Italy

59.166.102.220

unknown

Japan

44.7.130.188

unknown

United States

113.54.159.201

unknown

China

146.15.235.153

unknown

United States

166.203.133.216

unknown

United States

251.188.124.239

unknown

Reserved

210.85.191.211

unknown

Taiwan; Republic of China (ROC)

204.62.73.110

unknown

United States

114.239.158.155

unknown

China

41.14.214.51

unknown

South Africa

113.124.222.249

unknown

China

210.110.95.218

unknown

Korea Republic of

162.30.206.148

unknown

United States

177.70.141.190

unknown

Brazil

219.240.106.33

unknown

Korea Republic of

172.215.195.50

unknown

United States

201.240.238.10

unknown

Peru

31.67.116.133

unknown

United Kingdom

71.111.121.46

unknown

United States

88.248.29.110

unknown

Turkey

38.93.85.255

unknown

United States

41.115.200.72

unknown

South Africa

4.54.18.94

unknown

United States

16.85.71.175

unknown

United States

74.33.14.3

unknown

United States

218.21.160.20

unknown

China

147.175.253.12

unknown

Slovakia (SLOVAK Republic)

159.114.114.114

unknown

United Kingdom

18.68.25.132

unknown

United States

133.80.8.221

unknown

Japan

118.14.181.61

unknown

Japan

119.59.136.138

unknown

China

24.150.2.237

unknown

Canada

103.190.121.18

unknown

126.109.127.55

unknown

Japan

66.210.247.106

unknown

United States

152.113.180.158

unknown

United States

121.81.167.8

unknown

Japan

12.10.152.124

unknown

United States

217.4.22.110

unknown

Germany

44.100.131.207

unknown

United States

14.98.128.139

unknown

India

20.95.97.146

unknown

United States

1.109.50.131

unknown

Korea Republic of

68.15.246.54

unknown

United States

59.121.20.32

unknown

Taiwan; Republic of China (ROC)

34.26.63.252

unknown

United States

92.203.254.252

unknown

Japan

97.110.251.226

unknown

Canada

203.175.188.145

unknown

Korea Republic of

65.29.134.160

unknown

United States

1.253.209.220

unknown

Korea Republic of

72.187.61.178

unknown

United States

221.232.6.12

unknown

China

200.103.220.0

unknown

Brazil

86.14.157.185

unknown

United Kingdom

248.243.251.91

unknown

Reserved

213.29.127.118

unknown

Czech Republic

247.120.54.225

unknown

Reserved

101.163.182.162

unknown

Australia

191.234.39.21

unknown

Brazil

152.160.245.116

unknown

United States

220.158.204.12

unknown

Bangladesh

192.198.234.232

unknown

United States

73.94.134.111

unknown

United States

251.234.221.195

unknown

Reserved

102.174.105.188

unknown

Tunisia

252.43.179.218

unknown

Reserved

13.233.103.202

unknown

United States

46.142.137.7

unknown

Germany

90.134.166.190

unknown

Sweden

110.167.231.74

unknown

China

92.26.2.148

unknown

United Kingdom

179.227.126.169

unknown

Brazil

103.57.64.14

unknown

94.16.9.82

unknown

Germany

27.160.78.186

unknown

Korea Republic of

200.226.149.233

unknown

Brazil

16.97.163.5

unknown

United States

42.198.166.181

unknown

China

71.112.18.152

unknown

United States

112.219.5.116

unknown

Korea Republic of

59.28.140.225

unknown

Korea Republic of

158.198.246.29

unknown

Japan

254.122.33.192

unknown

Reserved

87.180.143.9

unknown

Germany

45.49.77.34

unknown

United States

153.49.4.136

unknown

United States

98.39.201.51

unknown

United States

110.203.9.8

unknown

China

146.20.63.85

unknown

United States

96.59.177.46

unknown

United States

70.84.162.139

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs