Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.arm7

ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped
Entropy:	7.977264005957624
Filename:	sora.arm7
Filesize:	48696
MD5:	c0530dfd3766a324673f37c1644de5bc
SHA1:	a45fb3c938ed307ed0f4a550bc17e460a0e5b661
SHA256:	8a6e72fa60a5be3c99b64bdbbf23839949e051dfaf9b975c040fa00c8edde1c6
SHA512:	bcdf869c6ab18916424f9c7d44202c8fab64c99a445afe1a1a6f5bb64d87cea28072bfc78f437e3cb8b91711154672ebffa0929d1347929f06e103073e19f824
SSDEEP:	768:lK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFA9q3UELWt/iw+kvBGg6+fYtrBHM:N12O1LCNguovDPH7Tcr3LWhiw+kvBGgt
Preview:	.ELF..............(.........4...........4. ...(......................................... b.. b.. b..................Q.td...............................OUPX!........p...p.......h..........?.E.h;....#..$...o......=..B.*...5N&"a..mk.c.........}<.....M.Q....[

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara signature match	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

/proc/5274/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5274/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:Civ:CM
Size:	5
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/tmp/sora.arm7

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 10 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	10
From Memory:	true
Current Path:	/tmp/sora.arm7
Source:	sora.arm7
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

105.180.23.20

unknown

Egypt

38.5.198.77

unknown

United States

44.244.125.175

unknown

United States

108.198.1.171

unknown

United States

213.60.85.253

unknown

Spain

38.3.136.25

unknown

United States

250.29.133.144

unknown

Reserved

157.6.233.117

unknown

Japan

157.145.44.94

unknown

United States

73.198.119.83

unknown

United States

162.65.245.129

unknown

United States

152.43.75.176

unknown

United States

68.107.216.54

unknown

United States

216.61.47.73

unknown

United States

196.224.103.15

unknown

Tunisia

32.193.220.66

unknown

United States

197.109.134.94

unknown

South Africa

81.180.199.188

unknown

Romania

147.48.140.172

unknown

United States

211.14.115.244

unknown

Japan

147.105.169.59

unknown

United States

220.232.49.252

unknown

Singapore

96.195.125.71

unknown

United States

107.157.7.1

unknown

United States

154.48.184.42

unknown

United States

244.203.2.250

unknown

Reserved

253.241.166.61

unknown

Reserved

125.178.123.148

unknown

Korea Republic of

76.227.191.165

unknown

United States

212.9.202.33

unknown

United Kingdom

74.202.235.90

unknown

United States

124.145.224.179

unknown

Japan

180.249.117.189

unknown

Indonesia

186.246.82.239

unknown

Brazil

184.192.180.65

unknown

United States

180.145.69.198

unknown

Japan

171.99.205.149

unknown

Thailand

111.196.171.136

unknown

China

43.74.235.99

unknown

Japan

44.105.65.47

unknown

United States

218.181.74.77

unknown

Japan

53.191.190.220

unknown

Germany

152.241.29.184

unknown

Brazil

91.186.75.42

unknown

Norway

109.165.176.243

unknown

Bosnia and Herzegowina

156.0.172.146

unknown

South Africa

93.87.57.249

unknown

Serbia

82.25.98.22

unknown

United Kingdom

40.178.220.70

unknown

United States

70.34.47.248

unknown

United States

110.109.134.165

unknown

China

139.0.170.93

unknown

Indonesia

35.2.238.241

unknown

United States

183.109.40.165

unknown

Korea Republic of

161.58.199.192

unknown

United States

189.181.107.156

unknown

Mexico

248.38.186.19

unknown

Reserved

136.69.43.77

unknown

United States

80.155.119.168

unknown

Germany

82.39.27.145

unknown

United Kingdom

199.81.85.172

unknown

United States

163.109.89.198

unknown

France

90.158.71.173

unknown

Turkey

32.148.111.173

unknown

United States

84.87.28.28

unknown

Netherlands

78.152.92.58

unknown

Austria

187.51.205.102

unknown

Brazil

36.75.177.224

unknown

Indonesia

142.166.65.11

unknown

Canada

70.210.207.227

unknown

United States

18.102.226.164

unknown

United States

75.92.93.242

unknown

United States

84.73.147.144

unknown

Switzerland

60.126.184.178

unknown

Japan

144.44.178.235

unknown

European Union

109.115.234.55

unknown

Italy

253.85.73.245

unknown

Reserved

17.242.50.87

unknown

United States

251.59.93.2

unknown

Reserved

138.226.133.196

unknown

Switzerland

247.52.50.28

unknown

Reserved

40.193.69.189

unknown

United States

109.239.104.154

unknown

United Kingdom

112.255.242.110

unknown

China

178.244.73.50

unknown

Turkey

87.143.226.17

unknown

Germany

84.187.248.166

unknown

Germany

190.79.134.140

unknown

Venezuela

246.57.16.99

unknown

Reserved

126.97.154.254

unknown

Japan

48.235.60.188

unknown

United States

43.143.51.89

unknown

Japan

169.111.169.161

unknown

United States

167.128.242.202

unknown

United States

110.53.232.225

unknown

China

93.47.218.64

unknown

Italy

45.205.88.180

unknown

Seychelles

58.162.208.60

unknown

Australia

247.160.162.94

unknown

Reserved

162.104.193.5

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs