Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/la.bot.arm7.elf

URLs

Name

Malicious

http:///wget.sh

unknown

Details

Name:	http:///wget.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

http:///curl.sh

unknown

Details

Name:	http:///curl.sh
TargetID:	16
From Memory:	true
Current Path:	/tmp/la.bot.arm7.elf
Source:	la.bot.arm7.elf

Signature Hits	Behavior Group	Mitre Attack
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

38.54.122.172

unknown

United States

Details

IP:	38.54.122.172
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

116.203.104.203

unknown

Germany

Details

IP:	116.203.104.203
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fbfac030000

page read and write

7fc0b52f9000

page read and write

55c6f38fe000

page execute and read and write

7fc0b4e0d000

page read and write

7fc0b4ca1000

page read and write

7fbfac030000

page read and write

7fc0abfff000

page read and write

7fc0b461f000

page read and write

55c6f38fe000

page execute and read and write

7ffee7999000

page execute read

55c6f16a6000

page execute read

7fc0b4c7e000

page read and write

7fc0b461f000

page read and write

7fc0b531d000

page read and write

55c6f18f7000

page read and write

55c6f18f7000

page read and write

7ffee7907000

page read and write

7fc0b51d0000

page read and write

7fc0abfff000

page read and write

55c6f16a6000

page execute read

7fc0b4fef000

page read and write

7fc0b4e0d000

page read and write

7fbfac039000

page read and write

55c6f578e000

page read and write

7fc0b531d000

page read and write

7fc0b3e17000

page read and write

7fc0b4a13000

page read and write

55c6f3915000

page read and write

55c6f3915000

page read and write

7fc0b4fef000

page read and write

7fc0b46b1000

page read and write

7fc0b5362000

page read and write

7fc0b4e0d000

page read and write

55c6f16a6000

page execute read

7fc0b52f9000

page read and write

7ffee7907000

page read and write

55c6f578e000

page read and write

7fc0b4c7e000

page read and write

7fc0b531d000

page read and write

7fc0b52f9000

page read and write

7fbfac030000

page read and write

7fbfac039000

page read and write

7fc0b5362000

page read and write

7fc0b461f000

page read and write

7fc0b4c7e000

page read and write

7fc0b46b1000

page read and write

7fc0ac021000

page read and write

7fc0b4fef000

page read and write

7fc0b4ca1000

page read and write

7ffee7999000

page execute read

7fbfac02f000

page execute read

7fc0b4a13000

page read and write

55c6f3915000

page read and write

55c6f1900000

page read and write

7fc0b4c7e000

page read and write

7fbfac039000

page read and write

7fbfac030000

page read and write

55c6f578e000

page read and write

7ffee7999000

page execute read

7fc0b51d0000

page read and write

55c6f18f7000

page read and write

7fc0b4ca1000

page read and write

7fc0b52f9000

page read and write

55c6f38fe000

page execute and read and write

7fbfac039000

page read and write

7ffee7999000

page execute read

7fc0b4e0d000

page read and write

55c6f578e000

page read and write

55c6f16a6000

page execute read

7fbfac02f000

page execute read

55c6f38fe000

page execute and read and write

7fc0abfff000

page read and write

7fc0ac021000

page read and write

7fbfac02f000

page execute read

7fc0b51d0000

page read and write

7fc0b4a13000

page read and write

7fc0b46b1000

page read and write

55c6f1900000

page read and write

7fc0b3e17000

page read and write

7ffee7907000

page read and write

7fbfac02f000

page execute read

7fc0b5362000

page read and write

7fc0b46b1000

page read and write

55c6f18f7000

page read and write

7fc0b51d0000

page read and write

7fc0ac021000

page read and write

7fc0b4fef000

page read and write

55c6f1900000

page read and write

55c6f1900000

page read and write

7fc0b5362000

page read and write

7fc0b3e17000

page read and write

7fc0b461f000

page read and write

7fc0b4a13000

page read and write

7ffee7907000

page read and write

55c6f3915000

page read and write

7fc0ac021000

page read and write

7fc0abfff000

page read and write

7fc0b3e17000

page read and write

7fc0b531d000

page read and write

7fc0b4ca1000

page read and write

There are 90 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
la.bot.arm7.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportla.bot.arm7.elf

Processes

URLs

IPs

Memdumps

IOC Report
la.bot.arm7.elf