Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm7.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

75cents.libre

unknown

IPs

Domain

Country

Malicious

38.54.122.172

unknown

United States

Details

IP:	38.54.122.172
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

116.203.104.203

unknown

Germany

Details

IP:	116.203.104.203
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7feff3fff000

page read and write

5603ce1bd000

page read and write

7ffd1ebd2000

page execute read

5603cc1a8000

page read and write

7feef403f000

page read and write

7feff3fff000

page read and write

5603cc1a8000

page read and write

5603d02b3000

page read and write

7feff4021000

page read and write

7feffb943000

page read and write

7feffc004000

page read and write

5603cbf4e000

page execute read

7feffaab9000

page read and write

5603ce1a6000

page execute and read and write

7ffd1ebd2000

page execute read

7feffbaaf000

page read and write

5603d02b3000

page read and write

7feef403f000

page read and write

7feffb353000

page read and write

7ffd1ea16000

page read and write

5603ce1a6000

page execute and read and write

7feffc004000

page read and write

7feffbe72000

page read and write

7feffb2c1000

page read and write

7feffbe72000

page read and write

7feff4021000

page read and write

7feef402e000

page execute read

7feffb2c1000

page read and write

7feffb920000

page read and write

7feef4036000

page read and write

7feef4036000

page read and write

5603cbf4e000

page execute read

7feffbc91000

page read and write

7feef402e000

page execute read

7feffb353000

page read and write

5603cc19f000

page read and write

5603cc19f000

page read and write

7feffbaaf000

page read and write

5603cc1a8000

page read and write

7feffbaaf000

page read and write

7feef402e000

page execute read

5603ce1bd000

page read and write

7feffbfbf000

page read and write

7ffd1ea16000

page read and write

7feffb6b5000

page read and write

7feffb6b5000

page read and write

5603d02b3000

page read and write

7feffb2c1000

page read and write

7feff4021000

page read and write

7feffb943000

page read and write

7feffc004000

page read and write

7feffb943000

page read and write

7feffbe72000

page read and write

7feffbc91000

page read and write

7feffbf9b000

page read and write

7feef4036000

page read and write

7feef403f000

page read and write

7feffaab9000

page read and write

7feffb353000

page read and write

7feffb920000

page read and write

5603cc19f000

page read and write

7feffb6b5000

page read and write

7feffb920000

page read and write

7ffd1ebd2000

page execute read

7feffaab9000

page read and write

7feffbc91000

page read and write

7feffbfbf000

page read and write

5603ce1a6000

page execute and read and write

7feffbf9b000

page read and write

7feffbf9b000

page read and write

5603cbf4e000

page execute read

5603ce1bd000

page read and write

7ffd1ea16000

page read and write

7feffbfbf000

page read and write

7feff3fff000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
la.bot.arm7.elf