Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 902i13 || busybox pkill -9 902i13"

/bin/sh

/usr/bin/pkill

pkill -9 902i13

/bin/sh

/usr/bin/busybox

busybox pkill -9 902i13

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"

/bin/sh

/usr/bin/pkill

pkill -9 BzSxLxBxeY

/bin/sh

/usr/bin/busybox

busybox pkill -9 BzSxLxBxeY

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"

/bin/sh

/usr/bin/pkill

pkill -9 HOHO-LUGO7

/bin/sh

/usr/bin/busybox

busybox pkill -9 HOHO-LUGO7

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"

/bin/sh

/usr/bin/pkill

pkill -9 HOHO-U79OL

/bin/sh

/usr/bin/busybox

busybox pkill -9 HOHO-U79OL

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"

/bin/sh

/usr/bin/pkill

pkill -9 JuYfouyf87

/bin/sh

/usr/bin/busybox

busybox pkill -9 JuYfouyf87

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

/bin/sh

/usr/bin/pkill

pkill -9 NiGGeR69xd

/bin/sh

/usr/bin/busybox

busybox pkill -9 NiGGeR69xd

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"

/bin/sh

/usr/bin/pkill

pkill -9 SO190Ij1X

/bin/sh

/usr/bin/busybox

busybox pkill -9 SO190Ij1X

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"

/bin/sh

/usr/bin/pkill

pkill -9 LOLKIKEEEDDE

/bin/sh

/usr/bin/busybox

busybox pkill -9 LOLKIKEEEDDE

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"

/bin/sh

/usr/bin/pkill

pkill -9 ekjheory98e

/bin/sh

/usr/bin/busybox

busybox pkill -9 ekjheory98e

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"

/bin/sh

/usr/bin/pkill

pkill -9 scansh4

/bin/sh

/usr/bin/busybox

busybox pkill -9 scansh4

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"

/bin/sh

/usr/bin/pkill

pkill -9 MDMA

/bin/sh

/usr/bin/busybox

busybox pkill -9 MDMA

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"

/bin/sh

/usr/bin/pkill

pkill -9 fdevalvex

/bin/sh

/usr/bin/busybox

busybox pkill -9 fdevalvex

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"

/bin/sh

/usr/bin/pkill

pkill -9 scanspc

/bin/sh

/usr/bin/busybox

busybox pkill -9 scanspc

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"

/bin/sh

/usr/bin/pkill

pkill -9 MELTEDNINJAREALZ

/bin/sh

/usr/bin/busybox

busybox pkill -9 MELTEDNINJAREALZ

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"

/bin/sh

/usr/bin/pkill

pkill -9 flexsonskids

/bin/sh

/usr/bin/busybox

busybox pkill -9 flexsonskids

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"

/bin/sh

/usr/bin/pkill

pkill -9 scanx86

/bin/sh

/usr/bin/busybox

busybox pkill -9 scanx86

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"

/bin/sh

/usr/bin/pkill

pkill -9 MISAKI-U79OL

/bin/sh

/usr/bin/busybox

busybox pkill -9 MISAKI-U79OL

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"

/bin/sh

/usr/bin/pkill

pkill -9 foAxi102kxe

/bin/sh

/usr/bin/busybox

busybox pkill -9 foAxi102kxe

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"

/bin/sh

/usr/bin/pkill

pkill -9 swodjwodjwoj

/bin/sh

/usr/bin/busybox

busybox pkill -9 swodjwodjwoj

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"

/bin/sh

/usr/bin/pkill

pkill -9 MmKiy7f87l

/bin/sh

/usr/bin/busybox

busybox pkill -9 MmKiy7f87l

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"

/bin/sh

/usr/bin/pkill

pkill -9 freecookiex86

/bin/sh

/usr/bin/busybox

busybox pkill -9 freecookiex86

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"

/bin/sh

/usr/bin/pkill

pkill -9 sysgpu

/bin/sh

/usr/bin/busybox

busybox pkill -9 sysgpu

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

/bin/sh

/usr/bin/pkill

pkill -9 NiGGeR69xd

/bin/sh

/usr/bin/busybox

busybox pkill -9 NiGGeR69xd

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 frgege || busybox pkill -9 frgege"

/bin/sh

/usr/bin/pkill

pkill -9 frgege

/bin/sh

/usr/bin/busybox

busybox pkill -9 frgege

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"

/bin/sh

/usr/bin/pkill

pkill -9 sysupdater

/bin/sh

/usr/bin/busybox

busybox pkill -9 sysupdater

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"

/bin/sh

/usr/bin/pkill

pkill -9 0DnAzepd

/bin/sh

/usr/bin/busybox

busybox pkill -9 0DnAzepd

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"

/bin/sh

/usr/bin/pkill

pkill -9 NiGGeRD0nks69

/bin/sh

/usr/bin/busybox

busybox pkill -9 NiGGeRD0nks69

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"

/bin/sh

/usr/bin/pkill

pkill -9 frgreu

/bin/sh

/usr/bin/busybox

busybox pkill -9 frgreu

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"

/bin/sh

/usr/bin/pkill

pkill -9 telnetd

/bin/sh

/usr/bin/busybox

busybox pkill -9 telnetd

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"

/bin/sh

/usr/bin/pkill

pkill -9 0x766f6964

/bin/sh

/usr/bin/busybox

busybox pkill -9 0x766f6964

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"

/bin/sh

/usr/bin/pkill

pkill -9 NiGGeRd0nks1337

/bin/sh

/usr/bin/busybox

busybox pkill -9 NiGGeRd0nks1337

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 gaft || busybox pkill -9 gaft"

/bin/sh

/usr/bin/pkill

pkill -9 gaft

/bin/sh

/usr/bin/busybox

busybox pkill -9 gaft

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"

/bin/sh

/usr/bin/pkill

pkill -9 urasgbsigboa

/bin/sh

/usr/bin/busybox

busybox pkill -9 urasgbsigboa

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"

/bin/sh

/usr/bin/pkill

pkill -9 120i3UI49

/bin/sh

/usr/bin/busybox

busybox pkill -9 120i3UI49

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"

/bin/sh

/usr/bin/pkill

pkill -9 OaF3

/bin/sh

/usr/bin/busybox

busybox pkill -9 OaF3

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 geae || busybox pkill -9 geae"

/bin/sh

/usr/bin/pkill

pkill -9 geae

/bin/sh

/usr/bin/busybox

busybox pkill -9 geae

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"

/bin/sh

/usr/bin/pkill

pkill -9 vaiolmao

/bin/sh

/usr/bin/busybox

busybox pkill -9 vaiolmao

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 123123a || busybox pkill -9 123123a"

/bin/sh

/usr/bin/pkill

pkill -9 123123a

/bin/sh

/usr/bin/busybox

busybox pkill -9 123123a

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"

/bin/sh

/usr/bin/pkill

pkill -9 Ofurain0n4H34D

/bin/sh

/usr/bin/busybox

busybox pkill -9 Ofurain0n4H34D

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"

/bin/sh

/usr/bin/pkill

pkill -9 ggTrex

/bin/sh

/usr/bin/busybox

busybox pkill -9 ggTrex

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 wasads || busybox pkill -9 wasads"

/bin/sh

/usr/bin/pkill

pkill -9 wasads

/bin/sh

/usr/bin/busybox

busybox pkill -9 wasads

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"

/bin/sh

/usr/bin/pkill

pkill -9 1293194hjXD

/bin/sh

/usr/bin/busybox

busybox pkill -9 1293194hjXD

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"

/bin/sh

/usr/bin/pkill

pkill -9 OthLaLosn

/bin/sh

/usr/bin/busybox

busybox pkill -9 OthLaLosn

/tmp/yakuza.i686.elf

/bin/sh

sh -c "pkill -9 ggt || busybox pkill -9 ggt"

/bin/sh

/usr/bin/pkill

pkill -9 ggt

/bin/sh

/usr/bin/busybox

busybox pkill -9 ggt

There are 259 hidden processes, click here to show them.

URLs

Name

Malicious

https://youtu.be/dQw4w9WgXcQ

unknown

https://youtu.be/dQw4w9WgXcQNever

unknown

http://87.10.220.221/yak.sh;

unknown

IPs

Domain

Country

Malicious

175.212.122.144

unknown

Korea Republic of

3.236.91.65

unknown

United States

84.115.174.131

unknown

Austria

223.36.198.228

unknown

Korea Republic of

78.51.49.110

unknown

Germany

62.210.240.209

unknown

France

129.185.213.239

unknown

France

219.215.133.103

unknown

Japan

205.253.193.144

unknown

India

169.25.164.63

unknown

United States

175.45.32.227

unknown

Hong Kong

168.56.238.186

unknown

United States

137.236.175.53

unknown

Canada

12.119.9.53

unknown

United States

74.112.207.39

unknown

United States

251.67.176.35

unknown

Reserved

222.93.45.191

unknown

China

41.250.58.41

unknown

Morocco

47.144.153.181

unknown

United States

95.104.166.124

unknown

Russian Federation

56.192.246.143

unknown

United States

178.130.55.72

unknown

Russian Federation

100.194.0.93

unknown

United States

16.143.125.154

unknown

United States

99.86.94.128

unknown

United States

247.13.219.185

unknown

Reserved

50.94.187.30

unknown

United States

13.236.43.108

unknown

United States

254.47.172.194

unknown

Reserved

174.180.104.198

unknown

United States

122.26.84.169

unknown

Japan

32.194.251.98

unknown

United States

244.66.159.245

unknown

Reserved

167.198.155.203

unknown

United States

140.234.122.135

unknown

United States

155.100.93.190

unknown

United States

221.177.183.83

unknown

China

248.177.67.84

unknown

Reserved

167.77.154.156

unknown

United States

167.27.217.101

unknown

United States

186.85.179.235

unknown

Colombia

189.105.19.58

unknown

Brazil

140.48.57.118

unknown

United States

219.93.138.84

unknown

Malaysia

123.224.190.5

unknown

Japan

182.160.68.170

unknown

China

185.92.61.30

unknown

Netherlands

190.92.204.176

unknown

Argentina

207.248.139.241

unknown

Mexico

171.33.176.73

unknown

Germany

217.173.86.230

unknown

Saudi Arabia

84.128.219.173

unknown

Germany

250.82.209.113

unknown

Reserved

186.143.85.39

unknown

Argentina

35.60.227.71

unknown

United States

141.228.109.249

unknown

United Kingdom

18.167.230.245

unknown

United States

76.4.11.206

unknown

United States

4.246.38.118

unknown

United States

120.173.149.213

unknown

Indonesia

193.61.227.220

unknown

United Kingdom

208.213.34.229

unknown

United States

57.208.205.52

unknown

Belgium

194.43.25.142

unknown

United Kingdom

76.246.216.54

unknown

United States

82.53.197.227

unknown

Italy

45.37.82.27

unknown

United States

159.105.104.30

unknown

United States

27.107.87.120

unknown

India

103.226.223.159

unknown

Australia

112.233.244.112

unknown

China

167.177.165.185

unknown

United States

93.78.138.178

unknown

Ukraine

61.111.94.226

unknown

Korea Republic of

183.138.12.95

unknown

China

35.49.49.219

unknown

United States

36.184.170.84

unknown

China

132.45.77.54

unknown

United States

62.246.52.13

unknown

Germany

249.51.220.245

unknown

Reserved

14.169.249.244

unknown

Viet Nam

98.202.134.232

unknown

United States

65.139.106.239

unknown

United States

86.28.35.177

unknown

United Kingdom

94.0.68.102

unknown

United Kingdom

240.13.55.107

unknown

Reserved

195.154.190.2

unknown

France

65.83.89.174

unknown

United States

116.182.222.251

unknown

China

203.95.52.251

unknown

Japan

133.161.220.199

unknown

Japan

28.85.163.56

unknown

United States

59.46.166.206

unknown

China

146.16.92.157

unknown

United States

94.158.29.134

unknown

Switzerland

99.216.240.223

unknown

Canada

194.132.63.64

unknown

Sweden

191.76.42.45

unknown

Colombia

214.199.190.179

unknown

United States

192.165.141.126

unknown

Sweden

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

8067000

page read and write

f7fcb000

page execute read

805f000

page read and write

805e000

page execute read

Details

Name:	5526.1.0000000008048000.000000000805e000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	805e000
Size:	90112

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

ffe67000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
yakuza.i686.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportyakuza.i686.elf

Processes

URLs

IPs

Memdumps

IOC Report
yakuza.i686.elf