Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

v9o2vinbUj

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy:	6.469894645652366
Filename:	v9o2vinbUj
Filesize:	54032
MD5:	73d2f5433e948eba89c219813b9fd5c4
SHA1:	401c28c325792e0300bbf55f40f3a191ae62562c
SHA256:	bd9bbf95c7694806e736a2cb886564ab698e7dda7240fa04e0a6ccfd26068840
SHA512:	cdd3c3ce44a1191a72f62b8c276fa29d2a5625e3a65bd896a078b1290c6627c3a8e2186cb63fa4368aae5c5934ed4c7eac381ea7be37baa6ad60b578cfdc8a11
SSDEEP:	1536:s8OP6OftfvJfrJf0hJeVVMq3Zv78slC8KObYcPnYrTGGgv8H:hOfVxfrJfAJ2VTpwslC8KObRnYrqP
Preview:	.ELF....................d...4...........4. ...(..............................................P...P..@...............Q.td............................U..S.......w....h........[]...$.............U......=@Q...t..5....$P.....$P......u........t....h.N..........

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Machine Learning detection for sample	AV Detection
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
URLs found in memory or binary data	Networking

/proc/5269/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5269/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.22.dr
ID:	dr_0
Target ID:	22
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5382/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5382/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.28.dr
ID:	dr_2
Target ID:	28
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/proc/5386/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5386/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.32.dr
ID:	dr_4
Target ID:	32
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.32.dr
ID:	dr_5
Target ID:	32
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:DdTv:BTv
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/tmp/v9o2vinbUj

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 26 hidden processes, click here to show them.

URLs

Name

Malicious

http://127.0.0.1:52869/picdesc.xml

45.115.236.178

Details

Name:	http://127.0.0.1:52869/picdesc.xml
IP:	45.115.236.178
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

http://127.0.0.1:52869/wanipcn.xml

91.200.122.205

Details

Name:	http://127.0.0.1:52869/wanipcn.xml
IP:	91.200.122.205
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

http://103.3.246.123/bins/Hilix.mips

unknown

Details

Name:	http://103.3.246.123/bins/Hilix.mips
TargetID:	21057
From Memory:	true
Source:	v9o2vinbUj, 5241.1.000000001a887bdc.00000000294d76f9.r-x.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/encoding/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/encoding/
TargetID:	21057
From Memory:	true
Source:	v9o2vinbUj, 5241.1.000000001a887bdc.00000000294d76f9.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/soap/envelope/

unknown

Details

Name:	http://schemas.xmlsoap.org/soap/envelope/
TargetID:	21057
From Memory:	true
Source:	v9o2vinbUj, 5241.1.000000001a887bdc.00000000294d76f9.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

91.125.96.98

unknown

United Kingdom

91.179.103.143

unknown

Belgium

45.50.54.73

unknown

United States

45.20.156.248

unknown

United States

91.179.103.147

unknown

Belgium

105.34.48.52

unknown

Egypt

91.120.127.75

unknown

Hungary

162.188.24.4

unknown

United States

45.44.28.215

unknown

Canada

45.159.18.253

unknown

Russian Federation

220.116.183.176

unknown

Korea Republic of

91.136.66.215

unknown

United Kingdom

41.14.214.65

unknown

South Africa

185.156.149.39

unknown

Italy

91.74.182.188

unknown

United Arab Emirates

45.50.203.139

unknown

United States

156.228.38.94

unknown

Seychelles

206.156.198.181

unknown

United States

197.242.86.248

unknown

South Africa

185.129.148.223

unknown

Latvia

185.205.239.212

unknown

Russian Federation

139.203.74.18

unknown

China

91.228.141.159

unknown

Romania

91.41.96.244

unknown

Germany

41.152.179.67

unknown

Egypt

45.221.254.21

unknown

Benin

45.172.252.173

unknown

Brazil

161.233.133.17

unknown

United States

117.142.77.167

unknown

China

185.35.202.40

unknown

Norway

156.21.245.107

unknown

United States

91.36.13.219

unknown

Germany

45.124.125.126

unknown

China

176.133.142.240

unknown

France

41.14.115.110

unknown

South Africa

176.237.211.74

unknown

Turkey

197.123.124.95

unknown

Egypt

91.9.136.229

unknown

Germany

91.29.31.53

unknown

Germany

175.133.97.70

unknown

Japan

105.132.245.149

unknown

Morocco

45.9.118.97

unknown

Netherlands

110.181.221.34

unknown

China

185.75.12.214

unknown

Spain

94.250.37.208

unknown

Bosnia and Herzegowina

185.6.84.230

unknown

Netherlands

185.202.158.255

unknown

Germany

91.147.188.119

unknown

Saudi Arabia

53.50.228.175

unknown

Germany

91.179.103.167

unknown

Belgium

91.182.121.116

unknown

Belgium

163.175.224.217

unknown

Netherlands

146.27.133.214

unknown

United States

45.127.206.104

unknown

Indonesia

110.76.137.25

unknown

Australia

91.9.136.215

unknown

Germany

91.122.189.96

unknown

Russian Federation

126.86.83.177

unknown

Japan

185.15.150.61

unknown

Spain

91.13.61.253

unknown

Germany

39.17.222.203

unknown

Korea Republic of

91.209.253.58

unknown

Saudi Arabia

156.235.189.136

unknown

Seychelles

108.40.8.193

unknown

United States

185.95.139.110

unknown

Italy

91.244.81.40

unknown

Russian Federation

34.254.55.151

unknown

United States

45.21.146.132

unknown

United States

200.40.22.193

unknown

Uruguay

91.140.204.17

unknown

Kuwait

45.254.142.237

unknown

China

185.204.41.37

unknown

France

45.89.137.20

unknown

Iran (ISLAMIC Republic Of)

194.148.213.79

unknown

Switzerland

185.50.154.129

unknown

United Kingdom

197.221.180.228

unknown

South Africa

45.143.195.194

unknown

Netherlands

91.243.156.172

unknown

Spain

124.166.53.66

unknown

China

41.37.180.82

unknown

Egypt

45.115.168.100

unknown

India

36.138.212.51

unknown

China

41.85.32.156

unknown

South Africa

197.91.228.134

unknown

South Africa

12.224.246.30

unknown

United States

197.19.50.3

unknown

Tunisia

98.137.186.238

unknown

United States

185.135.247.203

unknown

United Kingdom

197.177.27.86

unknown

Kenya

45.106.6.129

unknown

Egypt

91.181.37.215

unknown

Belgium

91.220.198.134

unknown

Ukraine

45.21.146.188

unknown

United States

91.238.18.128

unknown

91.74.182.146

unknown

United Arab Emirates

24.162.86.8

unknown

United States

91.90.163.86

unknown

Poland

84.173.195.234

unknown

Germany

91.60.221.212

unknown

Germany

185.149.161.66

unknown

Russian Federation

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs