Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Satan.sh4.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

193.84.71.119

unknown

Poland

Details

IP:	193.84.71.119
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	199478
ASN name:	RADIOCABLE-ASES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f67f8504000

page read and write

7f6770428000

page read and write

7f6770427000

page read and write

7f67f7eb3000

page read and write

7f67f76a2000

page read and write

7f67f0000000

page read and write

7ffd37100000

page read and write

563f9eca0000

page execute and read and write

563f9f3ef000

page read and write

7f67f0021000

page read and write

7ffd37100000

page read and write

7f67f7ea5000

page read and write

7f67f0000000

page read and write

7f67f8874000

page read and write

7f67f0021000

page read and write

563f9ecb7000

page read and write

7f67f89a5000

page read and write

7ffd37159000

page execute read

7f6770414000

page execute read

7f67f8504000

page read and write

7f67f89ea000

page read and write

7f67f8529000

page read and write

7f6770425000

page read and write

563f9cca2000

page read and write

563f9eca0000

page execute and read and write

7f67f8874000

page read and write

7ffd37100000

page read and write

563f9ecb7000

page read and write

7f6770427000

page read and write

7f67f0000000

page read and write

563f9ecb7000

page read and write

563f9f416000

page read and write

7f67f89ea000

page read and write

563f9eca0000

page execute and read and write

7f67f7ea5000

page read and write

7f67f89a5000

page read and write

7f67f8529000

page read and write

563f9cca2000

page read and write

7f67f76a2000

page read and write

7f67f8142000

page read and write

7f6770414000

page execute read

7f67f8504000

page read and write

7f6770428000

page read and write

7f67f8874000

page read and write

7f67f0021000

page read and write

563f9ca84000

page execute read

7f67f7ea5000

page read and write

563f9ca84000

page execute read

7f67f89a5000

page read and write

7f67f899d000

page read and write

7f67f89ea000

page read and write

7f67f0000000

page read and write

7f67f899d000

page read and write

7f67f8504000

page read and write

7f67f7ea5000

page read and write

7f67f76a2000

page read and write

7f67f8529000

page read and write

7f67f7eb3000

page read and write

7f67f899d000

page read and write

563f9ecb7000

page read and write

7ffd37159000

page execute read

7f67f0021000

page read and write

7f6770425000

page read and write

563f9cca2000

page read and write

563f9ca84000

page execute read

7ffd37100000

page read and write

563f9cc9a000

page read and write

7f67f8529000

page read and write

7f67f8142000

page read and write

7f6770414000

page execute read

563f9cc9a000

page read and write

7f67f899d000

page read and write

563f9eca0000

page execute and read and write

7f67f8874000

page read and write

7f67f7eb3000

page read and write

563f9f3ef000

page read and write

563f9cca2000

page read and write

7f67f8142000

page read and write

7f6770425000

page read and write

7f67f89ea000

page read and write

7f6770414000

page execute read

7f67f7eb3000

page read and write

563f9cc9a000

page read and write

563f9ca84000

page execute read

7f67f76a2000

page read and write

7f6770425000

page read and write

7f67f8142000

page read and write

7ffd37159000

page execute read

7f67f89a5000

page read and write

563f9cc9a000

page read and write

563f9f416000

page read and write

7ffd37159000

page execute read

There are 82 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Satan.sh4.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSatan.sh4.elf

Processes

IPs

Memdumps

IOC Report
Satan.sh4.elf