Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.VPcrEpfrQW /tmp/tmp.jJFrqEYoep /tmp/tmp.V1PhRH8nNb

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.VPcrEpfrQW /tmp/tmp.jJFrqEYoep /tmp/tmp.V1PhRH8nNb

/tmp/j3wIEvE5Sj.elf

URLs

Name

Malicious

162.215.219.170:4444

Details

Name:	162.215.219.170:4444
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

162.215.219.170

unknown

United States

Details

IP:	162.215.219.170
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f414003b000

page execute read

7f414003b000

page execute read

7ffd412ee000

page read and write

7f4245cef000

page read and write

7f4140043000

page read and write

7f424531f000

page read and write

7f4246062000

page read and write

7ffd412ee000

page read and write

7f42453b1000

page read and write

55a4f03ce000

page read and write

7f423ffff000

page read and write

7f4245cef000

page read and write

7f4240021000

page read and write

7f423ffff000

page read and write

55a4f0be3000

page read and write

7f42459a1000

page read and write

55a4ee3b0000

page read and write

55a4ee3b0000

page read and write

7f4245ed0000

page read and write

7f414004b000

page read and write

7ffd413c8000

page execute read

7f424597e000

page read and write

7f42453b1000

page read and write

7f4245713000

page read and write

7f4245ff9000

page read and write

7f4140043000

page read and write

55a4ee3b9000

page read and write

55a4f03ce000

page read and write

7f4244b17000

page read and write

7f4245b0d000

page read and write

7f424531f000

page read and write

7f4245713000

page read and write

7f4244b17000

page read and write

55a4ee15f000

page execute read

7f424597e000

page read and write

55a4ee3b9000

page read and write

55a4f03b7000

page execute and read and write

55a4f0be3000

page read and write

7f4246062000

page read and write

55a4ee15f000

page execute read

7f424601d000

page read and write

7f414004b000

page read and write

55a4f03b7000

page execute and read and write

7f424601d000

page read and write

7ffd413c8000

page execute read

7f4245ed0000

page read and write

7f4245b0d000

page read and write

7f42459a1000

page read and write

7f4240021000

page read and write

7f4245ff9000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
j3wIEvE5Sj.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportj3wIEvE5Sj.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
j3wIEvE5Sj.elf