Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.1YvvdxWDCb /tmp/tmp.LxoRQpWOAW /tmp/tmp.Fvxx9mpQsR

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.1YvvdxWDCb

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.1YvvdxWDCb

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.1YvvdxWDCb /tmp/tmp.LxoRQpWOAW /tmp/tmp.Fvxx9mpQsR

/tmp/botnt.arm7.elf

There are 12 hidden processes, click here to show them.

Domains

Name

Malicious

c.francoanddosbot.fun

172.232.152.145

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

95.85.78.2

unknown

Russian Federation

Details

IP:	95.85.78.2
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	8749
ASN name:	REDCOM-ASRedcomKhabarovskRussiaRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55c5ed9e7000

page read and write

55c5ed9f0000

page read and write

7fe2c8036000

page read and write

7fe3d06ed000

page read and write

7fe3d0d68000

page read and write

7fe3c8021000

page read and write

55c5ed796000

page execute read

7fe3d0d8c000

page read and write

7fe3d087c000

page read and write

7fe3d0dd1000

page read and write

7fe3d008e000

page read and write

7fe2c803b000

page read and write

55c5f098e000

page read and write

7fe3d0710000

page read and write

7ffd601f2000

page read and write

7fe3c7fff000

page read and write

7fe3d0c3f000

page read and write

55c5ef9ee000

page execute and read and write

7fe2c802e000

page execute read

7fe3d0120000

page read and write

7fe3cf886000

page read and write

7fe3d0482000

page read and write

7fe3d0a5e000

page read and write

55c5efa05000

page read and write

7ffd601f9000

page execute read

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
botnt.arm7.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbotnt.arm7.elf

Processes

Domains

IPs

Memdumps

IOC Report
botnt.arm7.elf