Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/sh4.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.3DwdTi16Ey /tmp/tmp.oMjial0suc /tmp/tmp.tYZ1IjG1gO

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.3DwdTi16Ey

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.3DwdTi16Ey

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.3DwdTi16Ey /tmp/tmp.oMjial0suc /tmp/tmp.tYZ1IjG1gO

There are 11 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fb8c0419000

page read and write

7fb9443f1000

page read and write

7fb9456ec000

page read and write

7fb8c0409000

page execute read

7fb940000000

page read and write

7fb945739000

page read and write

7fb944e91000

page read and write

7fb8c041d000

page read and write

559c26226000

page read and write

7fb945253000

page read and write

559c28243000

page read and write

7fb945278000

page read and write

7ffd02c51000

page read and write

7fb9455c3000

page read and write

7fb944c02000

page read and write

559c2822c000

page execute and read and write

559c290a5000

page read and write

559c26010000

page execute read

7fb940021000

page read and write

559c2622e000

page read and write

7fb9456f4000

page read and write

7fb944bf4000

page read and write

7ffd02c6c000

page execute read

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sh4.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsh4.elf

Processes

IPs

Memdumps

IOC Report
sh4.elf