Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm7.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	12
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

Domains

Name

Malicious

eighteen.pirate

103.253.147.242

Details

Name:	eighteen.pirate
IP:	103.253.147.242
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

103.253.147.242

eighteen.pirate

Singapore

Details

IP:	103.253.147.242
TargetID:	-1
Country:	Singapore
Countrycode:	SGP
ASN number:	14061
ASN name:	DIGITALOCEAN-ASNUS
Private:	false
Domain:	eighteen.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7fdc65dab000

page read and write

7fdb6002e000

page execute read

7fdc6572f000

page read and write

55a4c8a4b000

page execute and read and write

7fdc6570c000

page read and write

7ffd6674c000

page read and write

7fdc60021000

page read and write

7fdb60040000

page read and write

7ffd667e5000

page execute read

7fdc65c5e000

page read and write

7fdc60021000

page read and write

55a4ca3a1000

page read and write

7fdc650ad000

page read and write

7fdc654a1000

page read and write

7fdc6513f000

page read and write

7fdb60040000

page read and write

55a4c6a44000

page read and write

55a4c8a4b000

page execute and read and write

7fdc6513f000

page read and write

7fdc648a5000

page read and write

7fdc6572f000

page read and write

7fdc65a7d000

page read and write

7fdc6589b000

page read and write

55a4c8a62000

page read and write

55a4c8a62000

page read and write

55a4c6a4d000

page read and write

55a4c67f3000

page execute read

55a4c6a4d000

page read and write

7fdc65df0000

page read and write

7fdc5ffff000

page read and write

7fdc6570c000

page read and write

7fdc65c5e000

page read and write

7fdc65d87000

page read and write

7fdc6589b000

page read and write

7fdc650ad000

page read and write

7fdc5ffff000

page read and write

55a4c67f3000

page execute read

7fdc65d87000

page read and write

7fdc650ad000

page read and write

7fdb60040000

page read and write

55a4c8a4b000

page execute and read and write

7fdc6513f000

page read and write

7fdb60037000

page read and write

7fdc65a7d000

page read and write

7ffd6674c000

page read and write

7fdc5ffff000

page read and write

7fdc654a1000

page read and write

55a4c6a44000

page read and write

7fdc65df0000

page read and write

7fdc6572f000

page read and write

55a4c6a44000

page read and write

7fdc65d87000

page read and write

55a4ca3a1000

page read and write

7fdc65dab000

page read and write

7fdc65dab000

page read and write

55a4c67f3000

page execute read

7fdc654a1000

page read and write

7fdb6002e000

page execute read

7fdc60021000

page read and write

7ffd667e5000

page execute read

7fdc648a5000

page read and write

55a4c8a62000

page read and write

55a4c6a4d000

page read and write

7fdc65a7d000

page read and write

7fdc65df0000

page read and write

7ffd6674c000

page read and write

7fdc65c5e000

page read and write

55a4ca3a1000

page read and write

7fdb6002e000

page execute read

7fdb60037000

page read and write

7ffd667e5000

page execute read

7fdc6589b000

page read and write

7fdc6570c000

page read and write

7fdc648a5000

page read and write

7fdb60037000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
la.bot.arm7.elf