Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.MBi4uDqKfa /tmp/tmp.iz63md9wLs /tmp/tmp.cAMoGgC5Xb

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.MBi4uDqKfa /tmp/tmp.iz63md9wLs /tmp/tmp.cAMoGgC5Xb

/tmp/arm.b.elf

IPs

Domain

Country

Malicious

154.213.187.68

unknown

Seychelles

Details

IP:	154.213.187.68
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	22769
ASN name:	DDOSING-BGP-NETWORKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f9c49766000

page read and write

7f9b44024000

page execute read

7f9c490a5000

page read and write

55f390bce000

page execute read

7f9c495d4000

page read and write

55f390e28000

page read and write

55f390e28000

page read and write

7f9b44024000

page execute read

7f9c49721000

page read and write

7f9c49721000

page read and write

7f9c493f3000

page read and write

7f9b44030000

page read and write

7f9c4821b000

page read and write

55f3933fd000

page read and write

7f9b4402d000

page read and write

7f9c48a23000

page read and write

7f9c49082000

page read and write

7ffe1d676000

page read and write

55f390e1f000

page read and write

55f392e3d000

page read and write

7f9c49211000

page read and write

7f9c48e17000

page read and write

7f9c48a23000

page read and write

55f3933fd000

page read and write

7f9c496fd000

page read and write

7f9c49766000

page read and write

7f9b44030000

page read and write

7f9c49211000

page read and write

7f9c493f3000

page read and write

7ffe1d676000

page read and write

55f392e3d000

page read and write

55f390e1f000

page read and write

7f9c496fd000

page read and write

7f9c43fff000

page read and write

7f9c48e17000

page read and write

55f390bce000

page execute read

55f392e26000

page execute and read and write

7f9c49082000

page read and write

7ffe1d6cc000

page execute read

7f9c490a5000

page read and write

7f9c4821b000

page read and write

7ffe1d6cc000

page execute read

7f9b4402d000

page read and write

7f9c48ab5000

page read and write

7f9c44021000

page read and write

7f9c44021000

page read and write

7f9c495d4000

page read and write

7f9c48ab5000

page read and write

7f9c43fff000

page read and write

55f392e26000

page execute and read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
arm.b.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportarm.b.elf

Processes

IPs

Memdumps

IOC Report
arm.b.elf