Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

wsVomvavHj

ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy:	6.39992195099751
Filename:	wsVomvavHj
Filesize:	128312
MD5:	298cb9165abc05a5b2652163b7f6b9c3
SHA1:	c168f1467498ad0d5be13813d9c58c651c633aab
SHA256:	1676dd00e2747f47313ffc8dc3da211534784b184f382e75399541fec0956da5
SHA512:	3a53c30e9f2aad61afef3636e7013f60fea53861444aabf9f347c8db302087bd587e7d3562267d463e6bfb7057820cdf7b51322f892d5b522aba4f0b6884469c
SSDEEP:	1536:IpPZmsLVUwLMZLNMAsDHeWmc3eVMDJFwFKkwvy8tPixSBrTRRgzjXdJvVdXpAwU8:IbmsL1MZhMAFm3eVzFHwvx5rlRGlpfdf
Preview:	.ELF.......................D...4.........4. ...(.................................. ....................l..f....... .dt.Q............................NV..a....da....tN^NuNV..J9...hf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........hN^NuNV..N^NuN

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
URLs found in memory or binary data	Networking
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

/proc/5281/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5281/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.21.dr
ID:	dr_0
Target ID:	21
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.21.dr
ID:	dr_1
Target ID:	21
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:Co:Co
Size:	5
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/tmp/wsVomvavHj

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 22 hidden processes, click here to show them.

URLs

Name

Malicious

http://127.0.0.1:52869/picdesc.xml

72.3.26.0

http://209.141.42.149/bins/os.x86

unknown

http://209.141.42.149/bins/sora.x86

unknown

http://127.0.0.1:52869/wanipcn.xml

72.3.26.0

http://209.141.42.149/bins/os.mips

unknown

http://209.141.42.149/bins/os.arm7;chmod

unknown

http://127.0.0.1/cgi-bin/ViewLog.asp

178.254.7.113

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://209.141.42.149/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$

unknown

http://purenetworks.com/HNAP1/

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 1 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

78.54.40.243

unknown

Germany

207.141.211.147

unknown

United States

149.197.143.228

unknown

Finland

39.180.65.71

unknown

China

206.134.246.45

unknown

United States

134.45.110.33

unknown

United States

37.124.245.227

unknown

Saudi Arabia

41.102.161.61

unknown

Algeria

197.237.248.167

unknown

Kenya

156.5.232.58

unknown

United States

79.21.13.227

unknown

Italy

192.184.132.99

unknown

United States

86.179.34.195

unknown

United Kingdom

112.13.87.15

unknown

China

58.112.88.160

unknown

Japan

37.35.168.88

unknown

Spain

197.118.32.216

unknown

Algeria

156.5.207.96

unknown

United States

206.246.191.214

unknown

United States

181.175.18.85

unknown

Ecuador

200.194.14.170

unknown

Mexico

212.182.231.71

unknown

Finland

181.74.231.14

unknown

Chile

200.209.218.212

unknown

Brazil

197.200.123.7

unknown

Algeria

156.130.158.133

unknown

United States

206.18.18.133

unknown

United States

197.211.66.47

unknown

South Africa

156.79.67.34

unknown

United States

76.137.238.137

unknown

United States

178.129.91.30

unknown

Russian Federation

217.213.219.141

unknown

Sweden

101.242.68.60

unknown

China

60.38.65.61

unknown

Japan

94.227.194.72

unknown

Belgium

200.48.112.85

unknown

Peru

82.177.144.70

unknown

Poland

206.163.104.138

unknown

United States

95.28.117.13

unknown

Russian Federation

103.172.4.110

unknown

42.5.237.3

unknown

China

82.74.56.170

unknown

Netherlands

87.208.121.103

unknown

Netherlands

114.39.195.73

unknown

Taiwan; Republic of China (ROC)

193.213.89.103

unknown

Norway

206.22.75.125

unknown

United States

66.163.125.139

unknown

United States

112.70.224.21

unknown

Japan

197.60.107.91

unknown

Egypt

23.239.26.116

unknown

United States

69.63.229.4

unknown

United States

95.239.15.24

unknown

Italy

82.247.213.171

unknown

France

123.142.108.104

unknown

Korea Republic of

197.3.15.250

unknown

Tunisia

156.43.68.63

unknown

United Kingdom

210.47.182.175

unknown

China

95.145.60.40

unknown

United Kingdom

156.158.51.133

unknown

Tanzania United Republic of

181.81.244.11

unknown

Argentina

156.164.16.3

unknown

Egypt

44.179.130.197

unknown

United States

197.12.31.207

unknown

Tunisia

203.153.200.75

unknown

Australia

156.33.207.15

unknown

United States

243.26.61.235

unknown

Reserved

189.151.224.69

unknown

Mexico

80.55.180.249

unknown

Poland

168.4.133.156

unknown

United States

172.36.187.102

unknown

United States

122.140.177.239

unknown

China

90.69.108.105

unknown

France

246.112.160.176

unknown

Reserved

208.35.186.106

unknown

United States

65.63.38.165

unknown

United States

181.31.213.37

unknown

Argentina

197.163.185.209

unknown

Egypt

169.108.151.42

unknown

United States

178.10.231.77

unknown

Germany

197.164.175.165

unknown

Egypt

206.124.141.215

unknown

United States

197.12.117.170

unknown

Tunisia

86.111.25.11

unknown

Russian Federation

213.249.241.144

unknown

United Kingdom

156.158.50.52

unknown

Tanzania United Republic of

44.59.10.142

unknown

United States

142.30.156.245

unknown

Canada

213.136.10.210

unknown

Netherlands

213.41.59.49

unknown

United Kingdom

169.11.83.210

unknown

United States

163.246.206.184

unknown

United States

148.237.106.189

unknown

Mexico

133.150.124.115

unknown

Japan

54.56.4.159

unknown

United States

157.161.177.111

unknown

Switzerland

169.108.151.34

unknown

United States

169.75.134.88

unknown

United States

178.103.83.133

unknown

United Kingdom

5.167.132.112

unknown

Russian Federation

125.76.82.22

unknown

China

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs