Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/wget.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.UMd1K2tj9b /tmp/tmp.7lqeN2d1oT /tmp/tmp.kYNUeneDCE

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.UMd1K2tj9b /tmp/tmp.7lqeN2d1oT /tmp/tmp.kYNUeneDCE

URLs

Name

Malicious

160.22.160.59:4444

Details

Name:	160.22.160.59:4444
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

IPs

Domain

Country

Malicious

160.22.160.59

unknown

Details

IP:	160.22.160.59
TargetID:	-1
ASN number:	45194
ASN name:	SIPL-ASSysconInfowayPvtLtdIN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

34.249.145.219

unknown

United States

Details

IP:	34.249.145.219
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8063000

page execute read

8063000

page execute read

8c3e000

page read and write

ffc9d000

page read and write

8064000

page read and write

806b000

page read and write

f7fc4000

page execute read

f7fc4000

page execute read

8064000

page read and write

8c3e000

page read and write

806b000

page read and write

ffc9d000

page read and write

There are 2 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
wget.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportwget.elf

Processes

URLs

IPs

Memdumps

IOC Report
wget.elf