Automated Malware Analysis IOC Report for

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/5lg7zd.elf
Source:	5lg7zd.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Details

Name:	http://crl.certigna.fr/certignarootca.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.xrampsecurity.com/XGCA.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/SGCA.crl/etc/ssl/certs/Sonera_Class_2_Root_CA.pem/etc/ssl/certs/Sonera_Cl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/SGCA.crlStaat
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/SGCA.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es/legislacion_c.htm0U
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://wwww.certigna.fr/autorites/0m
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.certigna.fr/certignarootca.crlhttp://crl.dhimyotis.com/certignarootca.crl(c)
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://ocsp.accv.es0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0B1
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.dhimyotis.com/certignarootca.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.firmaprofesional.com/cps0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/STCA.crl/etc/ssl/certs/Secure_Global_CA.pem/etc/ssl/certs/Secure_Global_C
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://repository.swisssign.com/0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/SGCA.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://ocsp.quovadisoffshore.com
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.certigna.fr/certignarootca.crlhttp://crl.dhimyotis.com/certignarootca.crl/etc/ssl/certs/C
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/STCA.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://ocsp.quovadisoffshore.comSSL.com
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.xrampsecurity.com/XGCA.crl/etc/ssl/certs/ca-certificates.crt/etc/ssl/certs/ca-certificate
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://13::1ip6-localhostip6-loopbackhttps://vnc.wtffe00::ff00::ip6-localnet13
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://ocsp.quovadisoffshore.com/etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem/etc/ssl/certs/QuoVadis_Roo
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://www.catcert.net/verarrel
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.securetrust.com/STCA.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.quovadisglobal.com/cps0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://vnc.wtf
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://vnc.wtf/api/client
IP:	188.114.97.3
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking

Details

Name:	http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.xrampsecurity.com/XGCA.crl0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://www.catcert.net/verarrel05
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.certigna.fr/certignarootca.crl01
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.quovadis.bm0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.dhimyotis.com/certignarootca.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://ocsp.accv.es
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es00
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	https://ocsp.quovadisoffshore.com0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.cert.fnmt.es/dpcs/0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0;1
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Details

Name:	http://policy.camerfirma.com0
TargetID:	25153
From Memory:	true
Source:	5lg7zd.elf, 6241.1.000000c000000000.000000c000800000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5lg7zd.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5lg7zd.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
5lg7zd.elf