Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/sshd.elf

URLs

Name

Malicious

160.22.160.59:4444

Details

Name:	160.22.160.59:4444
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

160.22.160.59

unknown

Details

IP:	160.22.160.59
TargetID:	-1
ASN number:	45194
ASN name:	SIPL-ASSysconInfowayPvtLtdIN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f079842b000

page execute read

7f079842b000

page execute read

7f081ed83000

page read and write

7f0798444000

page read and write

7f081ed60000

page read and write

7ffd51859000

page read and write

7f081f0d1000

page read and write

7f0798444000

page read and write

7f081f3e3000

page read and write

7f0818021000

page read and write

7f081f3db000

page read and write

7f081f2b2000

page read and write

7f081def9000

page read and write

7f081ed83000

page read and write

7ffd51859000

page read and write

56476f99e000

page read and write

7f079843c000

page read and write

5647719b3000

page read and write

7f081eda0000

page read and write

7f081f3e3000

page read and write

7f081e701000

page read and write

7f081f0d1000

page read and write

56476f99e000

page read and write

56476f70c000

page execute read

56476f70c000

page execute read

7ffd5194c000

page execute read

7f0818000000

page read and write

7f081e9bf000

page read and write

564771f62000

page read and write

56476f994000

page read and write

7f079843c000

page read and write

7f0818000000

page read and write

7f081e701000

page read and write

7f081e70f000

page read and write

7f081e70f000

page read and write

56477199c000

page execute and read and write

7f081e9bf000

page read and write

7f0818021000

page read and write

7f081def9000

page read and write

5647719b3000

page read and write

7f081ed60000

page read and write

56476f994000

page read and write

56477199c000

page execute and read and write

7f081f428000

page read and write

7f081f2b2000

page read and write

7f081f3db000

page read and write

7ffd5194c000

page execute read

564771f62000

page read and write

7f081eda0000

page read and write

7f081f428000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sshd.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsshd.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
sshd.elf