Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

e1x.x86.elf

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy:	6.49263211208954
Filename:	e1x.x86.elf
Filesize:	51836
MD5:	b1bce43c52f85896e6ed45ed73a03cc2
SHA1:	8be058ad44e11ad7b57b25c8a8b31eb8fcb2c568
SHA256:	f6f305af094d029feac96e21bde8a808be8841b79f81e98ebe25d22412dd0388
SHA512:	1560bb394f9d516963d35f750eb8531469aa8a155ed76dbe0df8ac19bdf65ea647a33608d52053cdf953a0c8946640224a9b2d0dba83bdfb39cc3840cd31248c
SSDEEP:	1536:Ly1bWoVlYokwjlpuw9d6z8OATT+aDwnyMSIq:O1bWoVl7kw5pBI8OOTTQyyq
Preview:	.ELF....................d...4...........4. ...(..............................................U...U.......5..........Q.td............................U..S.......7....h........[]...$.............U......=.X...t..5.....U......U......u........t....h.E..........

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample deletes itself	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sleeps for long times indicative of sandbox evasion	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Yara signature match	System Summary

/tmp/.system_idle

ASCII text

dropped

Details

File:	/tmp/.system_idle
Category:	dropped
Dump:	.system_idle.12.dr
ID:	dr_0
Target ID:	12
Process:	/tmp/e1x.x86.elf
Type:	ASCII text
Entropy:	1.9219280948873623
Encrypted:	false
Ssdeep:	3:Ez:Ez
Size:	5
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories

Processes

Path

Cmdline

Malicious

/tmp/e1x.x86.elf

IPs

Domain

Country

Malicious

194.87.35.204

unknown

Russian Federation

Details

IP:	194.87.35.204
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	25369
ASN name:	BANDWIDTH-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8055000

page execute read

8055000

page execute read

f7f6d000

page execute read

8056000

page read and write

8059000

page read and write

8059000

page read and write

ffd0a000

page read and write

8056000

page read and write

f7f6d000

page execute read

ffd0a000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
e1x.x86.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporte1x.x86.elf

Files

Processes

IPs

Memdumps

IOC Report
e1x.x86.elf