Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sora.mpsl

ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy:	7.879578898375912
Filename:	sora.mpsl
Filesize:	27236
MD5:	42ac0f5f0fd0d4e42fb7254730e94632
SHA1:	12369aa6f5ffd2e251a1e8924eee602b0ef7b2df
SHA256:	2dfc8c4568d6a3392fcd4d1837e17d3b4c6a412c8b98bdd91ce91a58250afbca
SHA512:	76e5a2ba9a9576f3bedb6d2fcbef73e6b042471f5c8f537c99e1b43726ef32182eef1b69c29cd960b0ce1cb41f7fb8e0e10aecb27b7d3dcbe3a39367ccf58ae0
SSDEEP:	768:w9CUFskb2JgIs/E2+OocrfJiHNjfmQ2q7IoqdBhUWx:GCrJgHiOJrfwmQrctpj
Preview:	.ELF.....................V..4...........4. ...(.....................=i..=i....................E...E....................tUPX!`.......T...T.......T..........?.E.h;....#......b.L#4E..,,....M..D{c....j;.D .A....~.....hE.:.O........L..N.7g..\....R.............

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample tries to kill many processes (SIGKILL)	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
URLs found in memory or binary data	Networking

/proc/5280/oom_score_adj

ASCII text

dropped

Details

File:	/proc/5280/oom_score_adj
Category:	dropped
Dump:	oom_score_adj.20.dr
ID:	dr_0
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	1.7924812503605778
Encrypted:	false
Ssdeep:	3:ptn:Dn
Size:	6
Whitelisted:	false
Reputation:	high

/run/sshd.pid

ASCII text

dropped

Details

File:	/run/sshd.pid
Category:	dropped
Dump:	sshd.pid.20.dr
ID:	dr_1
Target ID:	20
Process:	/usr/sbin/sshd
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:C/:C/
Size:	5
Whitelisted:	false
Reputation:	moderate

Processes

Path

Cmdline

Malicious

/tmp/sora.mpsl

n/a

/tmp/sora.mpsl

n/a

/tmp/sora.mpsl

n/a

/tmp/sora.mpsl

n/a

/tmp/sora.mpsl

n/a

/tmp/sora.mpsl

n/a

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -t

/usr/lib/systemd/systemd

n/a

/usr/sbin/sshd

/usr/sbin/sshd -D

There are 1 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	16
From Memory:	true
Current Path:	/tmp/sora.mpsl
Source:	sora.mpsl
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

148.57.98.39

unknown

United States

36.63.232.128

unknown

China

178.166.17.66

unknown

Portugal

94.42.249.28

unknown

Poland

121.215.93.53

unknown

Australia

240.46.153.198

unknown

Reserved

202.126.161.125

unknown

Hong Kong

111.0.17.150

unknown

China

108.152.25.20

unknown

United States

141.205.80.8

unknown

United States

98.99.70.119

unknown

United States

156.100.80.142

unknown

United States

123.231.123.165

unknown

Sri Lanka

35.29.173.243

unknown

United States

108.17.85.21

unknown

United States

222.226.56.23

unknown

Japan

94.62.51.199

unknown

Portugal

148.129.11.201

unknown

United States

60.156.131.216

unknown

Japan

14.172.125.75

unknown

Viet Nam

66.170.46.96

unknown

United States

121.98.221.38

unknown

New Zealand

44.80.188.194

unknown

United States

78.74.7.68

unknown

Sweden

85.220.9.229

unknown

Iceland

79.149.221.198

unknown

Spain

116.31.232.129

unknown

China

209.92.8.169

unknown

United States

88.196.160.49

unknown

Estonia

165.104.225.187

unknown

United States

204.120.93.14

unknown

United States

112.93.141.60

unknown

China

94.191.99.99

unknown

China

94.63.199.231

unknown

Portugal

54.103.47.111

unknown

United States

160.38.70.93

unknown

United Kingdom

68.54.35.217

unknown

United States

202.65.72.220

unknown

Australia

1.45.25.239

unknown

China

166.64.126.168

unknown

Australia

12.92.121.112

unknown

United States

112.125.161.208

unknown

China

39.176.217.227

unknown

China

218.119.166.110

unknown

Japan

109.126.60.17

unknown

Russian Federation

14.44.138.222

unknown

Korea Republic of

104.230.253.69

unknown

United States

177.87.59.184

unknown

Brazil

217.22.110.113

unknown

Spain

47.87.41.39

unknown

United States

65.66.253.159

unknown

United States

112.96.183.188

unknown

China

102.136.132.185

unknown

Cote D'ivoire

255.117.137.5

unknown

Reserved

242.184.151.122

unknown

Reserved

74.252.191.113

unknown

United States

188.95.165.168

unknown

Saudi Arabia

191.237.129.95

unknown

Brazil

146.234.19.249

unknown

Germany

9.211.168.137

unknown

United States

66.242.157.205

unknown

United States

252.201.180.233

unknown

Reserved

146.153.203.105

unknown

United States

149.119.110.167

unknown

United States

85.138.67.230

unknown

Portugal

191.80.153.165

unknown

Argentina

116.204.165.44

unknown

Pakistan

5.101.107.41

unknown

Netherlands

221.83.33.106

unknown

Japan

24.71.77.191

unknown

Canada

193.252.45.35

unknown

France

32.93.232.170

unknown

United States

243.100.129.203

unknown

Reserved

57.24.98.110

unknown

Belgium

117.159.243.74

unknown

China

247.209.69.255

unknown

Reserved

160.247.147.135

unknown

Japan

93.126.14.252

unknown

Iran (ISLAMIC Republic Of)

190.95.251.255

unknown

Ecuador

62.222.102.220

unknown

Ireland

178.161.16.206

unknown

Kuwait

89.246.41.40

unknown

Germany

78.122.64.184

unknown

France

23.68.48.214

unknown

United States

65.133.167.221

unknown

United States

164.137.70.99

unknown

United Kingdom

253.163.201.162

unknown

Reserved

101.79.180.5

unknown

Korea Republic of

208.98.29.101

unknown

United States

254.148.39.84

unknown

Reserved

198.164.10.40

unknown

Canada

183.183.7.155

unknown

Japan

146.12.254.26

unknown

United States

199.45.249.232

unknown

United States

35.145.114.33

unknown

United States

63.154.17.178

unknown

United States

118.117.199.51

unknown

China

223.179.12.206

unknown

India

204.25.184.75

unknown

United States

158.30.134.23

unknown

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs