Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm7.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

103.253.147.242

unknown

Singapore

Details

IP:	103.253.147.242
TargetID:	-1
Country:	Singapore
Countrycode:	SGP
ASN number:	14061
ASN name:	DIGITALOCEAN-ASNUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

116.203.104.203

unknown

Germany

Details

IP:	116.203.104.203
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

555ff7bb6000

page read and write

7f6f78742000

page read and write

7f6f78ab5000

page read and write

555ff795c000

page execute read

7f6f783f4000

page read and write

555ff9bcb000

page read and write

555ff9bcb000

page read and write

555ff795c000

page execute read

7f6f77d72000

page read and write

7ffe223fa000

page execute read

7f6f77d72000

page read and write

555ff7bad000

page read and write

7f6f7756a000

page read and write

555ff7bb6000

page read and write

555ffb21a000

page read and write

555ffb21a000

page read and write

7f6f77e04000

page read and write

7f6f77e04000

page read and write

7f6f78560000

page read and write

7f6f78a70000

page read and write

7f6f70021000

page read and write

7f6f78ab5000

page read and write

7f6f78a4c000

page read and write

555ff7bad000

page read and write

7f6f783d1000

page read and write

555ff9bb4000

page execute and read and write

7f6f78166000

page read and write

7f6e70037000

page read and write

7f6f6ffff000

page read and write

555ff9bb4000

page execute and read and write

7f6f78742000

page read and write

7f6f78a70000

page read and write

7f6f783f4000

page read and write

555ff7bb6000

page read and write

7f6f7756a000

page read and write

7f6e7002e000

page execute read

7f6f78560000

page read and write

7f6f78742000

page read and write

7f6f78166000

page read and write

7f6f783d1000

page read and write

7f6e70040000

page read and write

7f6f78a4c000

page read and write

7f6f6ffff000

page read and write

555ff9bcb000

page read and write

7f6f78ab5000

page read and write

555ff795c000

page execute read

7ffe223d8000

page read and write

7f6e70040000

page read and write

7f6f78a4c000

page read and write

7f6e7002e000

page execute read

555ffb21a000

page read and write

555ff795c000

page execute read

7f6f77e04000

page read and write

555ff7bad000

page read and write

555ff9bb4000

page execute and read and write

7f6f7756a000

page read and write

7f6f70021000

page read and write

7f6f78923000

page read and write

7f6f77e04000

page read and write

7f6f78923000

page read and write

7f6f77d72000

page read and write

7f6f70021000

page read and write

7ffe223fa000

page execute read

7f6f78ab5000

page read and write

7f6f77d72000

page read and write

7f6f6ffff000

page read and write

7f6f78923000

page read and write

7f6f78166000

page read and write

555ffb21a000

page read and write

7f6f78a70000

page read and write

7ffe223fa000

page execute read

7f6f6ffff000

page read and write

555ff7bad000

page read and write

7f6f783f4000

page read and write

7f6f78742000

page read and write

7f6e70040000

page read and write

7ffe223d8000

page read and write

7f6e70037000

page read and write

7f6f78a70000

page read and write

555ff9bb4000

page execute and read and write

7f6e70040000

page read and write

7f6f78166000

page read and write

7f6f783d1000

page read and write

7ffe223d8000

page read and write

7ffe223d8000

page read and write

7f6f783d1000

page read and write

7f6e7002e000

page execute read

7f6e70037000

page read and write

555ff7bb6000

page read and write

555ff9bcb000

page read and write

7f6f70021000

page read and write

7ffe223fa000

page execute read

7f6f78560000

page read and write

7f6f7756a000

page read and write

7f6f78923000

page read and write

7f6f78a4c000

page read and write

7f6f78560000

page read and write

7f6f783f4000

page read and write

7f6e70037000

page read and write

7f6e7002e000

page execute read

There are 90 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm7.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm7.elf

Processes

URLs

IPs

Memdumps

IOC Report
la.bot.arm7.elf