Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/shngijernbh.arm6.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.IBb9d2euol /tmp/tmp.qpspsEp1eC /tmp/tmp.UOEJtXuapH

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.IBb9d2euol /tmp/tmp.qpspsEp1eC /tmp/tmp.UOEJtXuapH

URLs

Name

Malicious

143.47.38.152:4258

Details

Name:	143.47.38.152:4258
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

143.47.38.152

unknown

Ireland

Details

IP:	143.47.38.152
TargetID:	-1
Country:	Ireland
Countrycode:	IRL
ASN number:	52019
ASN name:	ORCL-EMEA-ASSE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

54.171.230.55

unknown

United States

185.125.190.26

unknown

United Kingdom

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3fdc02b000

page execute read

7f3fdc02b000

page execute read

55abb942e000

page read and write

55abb91dd000

page execute read

7ffc87487000

page execute read

7ffc87487000

page execute read

7f40e3880000

page read and write

7f40e383b000

page read and write

7f40e350d000

page read and write

7f40e383b000

page read and write

7f40e3817000

page read and write

55abbb435000

page execute and read and write

7f3fdc039000

page read and write

7f3fdc039000

page read and write

7f40e2f31000

page read and write

7f40e2bcf000

page read and write

7f40e2b3d000

page read and write

7f3fdc033000

page read and write

7f3fdc033000

page read and write

7f40e2b3d000

page read and write

7f40e2bcf000

page read and write

7f40e3880000

page read and write

7f40e36ee000

page read and write

7f40e350d000

page read and write

7f40e36ee000

page read and write

7ffc8745f000

page read and write

55abbb44c000

page read and write

7f40e31bf000

page read and write

55abb91dd000

page execute read

7f40e319c000

page read and write

7f40e3817000

page read and write

7f40dc021000

page read and write

55abb942e000

page read and write

7ffc8745f000

page read and write

55abbc425000

page read and write

7f40e319c000

page read and write

7f40e332b000

page read and write

7f40dbfff000

page read and write

7f40dc021000

page read and write

7f40dbfff000

page read and write

55abb9437000

page read and write

7f40e332b000

page read and write

7f40e2335000

page read and write

7f40e2335000

page read and write

55abb9437000

page read and write

7f40e31bf000

page read and write

55abbb435000

page execute and read and write

55abbc425000

page read and write

55abbb44c000

page read and write

7f40e2f31000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
shngijernbh.arm6.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportshngijernbh.arm6.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
shngijernbh.arm6.elf