Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

e1x.spc.elf

ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy:	6.013690105520907
Filename:	e1x.spc.elf
Filesize:	82972
MD5:	1002de64778cf787a198c3284795dd2c
SHA1:	da7e9dd3807fa3117ff3e8e2bed9651da97f2ab0
SHA256:	a86968f1d716edbdf83c4cacb6bfe7a4200d6fb0bcd65ec0b0c6329751bc786d
SHA512:	e358bbfcc4a7c83607f279c1d6dd1f62c0f0868c61f397714a73e199863b1971361dead0777c6de730b67fadc675353b0990fa0c20a55be21e7f0eba22f9578d
SSDEEP:	768:LNHyX+06EV6EU1PgelEvSmq48hunO+jbLbJXIdDfxpiHDdrl7PdtMtCIh:Z2+cVLUBgaEvSXN87jbp2jnADdFdtMgq
Preview:	.ELF...........................4..B......4. ...(......................=...=...............=...=...=.......A...............=...=...=.................dt.Q................................@..(....@.I.................#.....a...`.....!.....#...@.....".........`

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample deletes itself	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sleeps for long times indicative of sandbox evasion	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/tmp/.system_idle

ASCII text

dropped

Details

File:	/tmp/.system_idle
Category:	dropped
Dump:	.system_idle.12.dr
ID:	dr_0
Target ID:	12
Process:	/tmp/e1x.spc.elf
Type:	ASCII text
Entropy:	2.321928094887362
Encrypted:	false
Ssdeep:	3:IOv:IA
Size:	5
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates hidden files and/or directories	Persistence and Installation Behavior	Hidden Files and Directories

Processes

Path

Cmdline

Malicious

/tmp/e1x.spc.elf

IPs

Domain

Country

Malicious

194.87.35.204

unknown

Russian Federation

Details

IP:	194.87.35.204
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	25369
ASN name:	BANDWIDTH-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe794025000

page execute read

555f11afc000

page execute read

7fe89bf3f000

page read and write

7fe794036000

page read and write

7fe89c9df000

page read and write

7fe79403a000

page read and write

7fe89d287000

page read and write

7fe894000000

page read and write

555f144b2000

page read and write

555f13d48000

page read and write

7fe89d23a000

page read and write

555f11d2a000

page read and write

555f13d31000

page execute and read and write

7fe894021000

page read and write

7ffd3138a000

page execute read

555f11d33000

page read and write

7fe89d242000

page read and write

7fe89c742000

page read and write

7fe89c750000

page read and write

7fe89cda1000

page read and write

7fe89cdc6000

page read and write

7fe89d111000

page read and write

7ffd312e0000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
e1x.spc.elf

Files

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporte1x.spc.elf

Files

Processes

IPs

Memdumps

IOC Report
e1x.spc.elf