Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Satan.arm.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	16
From Memory:	true
Current Path:	/tmp/Satan.arm.elf
Source:	Satan.arm.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

193.84.71.119

unknown

Poland

Details

IP:	193.84.71.119
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	199478
ASN name:	RADIOCABLE-ASES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f4cc402c000

page execute read

7f4cc402c000

page execute read

7f4cc402c000

page execute read

7f4cc402c000

page execute read

7f4dc8686000

page read and write

55865fdfa000

page read and write

55865dde5000

page read and write

7f4dc985e000

page read and write

7f4dc985e000

page read and write

55865dddc000

page read and write

7f4dc9b8c000

page read and write

7f4dc8e8e000

page read and write

5586605d5000

page read and write

7f4dc94ed000

page read and write

7ffe71c20000

page read and write

7f4dc94ed000

page read and write

55865fde3000

page execute and read and write

7f4dc8686000

page read and write

55865db8b000

page execute read

7f4dc4021000

page read and write

7f4dc9b8c000

page read and write

7f4cc403a000

page read and write

7ffe71d2e000

page execute read

55865dddc000

page read and write

7f4dc4021000

page read and write

7f4dc9510000

page read and write

7f4dc9510000

page read and write

7f4dc9282000

page read and write

7f4cc4039000

page read and write

55865db8b000

page execute read

55865fdfa000

page read and write

55865fde3000

page execute and read and write

7f4dc9510000

page read and write

7f4dc9b8c000

page read and write

7f4dc8686000

page read and write

5586605d5000

page read and write

7f4dc8e8e000

page read and write

55865fdfa000

page read and write

7f4dc8f20000

page read and write

7f4dc8e8e000

page read and write

7f4dc3fff000

page read and write

7ffe71d2e000

page execute read

7f4dc8e8e000

page read and write

7f4dc3fff000

page read and write

55865fde3000

page execute and read and write

7ffe71c20000

page read and write

7f4dc9bd1000

page read and write

7f4dc3fff000

page read and write

7f4dc9a3f000

page read and write

7f4dc9bd1000

page read and write

7f4dc9282000

page read and write

7f4dc3fff000

page read and write

7f4dc9a3f000

page read and write

55865dde5000

page read and write

7f4dc9282000

page read and write

7f4dc967c000

page read and write

7f4dc8f20000

page read and write

55865fdfa000

page read and write

55865dddc000

page read and write

7f4dc94ed000

page read and write

7f4cc4039000

page read and write

7f4dc9a3f000

page read and write

55865fde3000

page execute and read and write

7f4dc9510000

page read and write

7f4dc9b68000

page read and write

7ffe71d2e000

page execute read

7f4dc8f20000

page read and write

7f4cc403a000

page read and write

7ffe71c20000

page read and write

7f4dc9b68000

page read and write

7f4dc967c000

page read and write

7f4dc9b8c000

page read and write

7f4dc985e000

page read and write

7f4dc9a3f000

page read and write

7f4dc9bd1000

page read and write

7f4dc985e000

page read and write

55865dddc000

page read and write

55865db8b000

page execute read

7f4dc9282000

page read and write

7f4dc8686000

page read and write

55865dde5000

page read and write

55865dde5000

page read and write

7ffe71d2e000

page execute read

7f4dc9b68000

page read and write

7f4dc4021000

page read and write

7ffe71c20000

page read and write

7f4dc94ed000

page read and write

7f4dc4021000

page read and write

7f4dc967c000

page read and write

7f4dc9bd1000

page read and write

7f4dc9b68000

page read and write

55865db8b000

page execute read

5586605b1000

page read and write

7f4dc967c000

page read and write

7f4dc8f20000

page read and write

5586605b1000

page read and write

There are 86 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Satan.arm.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSatan.arm.elf

Processes

URLs

IPs

Memdumps

IOC Report
Satan.arm.elf