IOC Report
bin.sh.elf

Processes

Path             Cmdline          Malicious
/tmp/bin.sh.elf  /tmp/bin.sh.elf

URLs

Name
IP
Malicious

IPs

IP               Domain   Country         Malicious
109.202.202.202  unknown  Switzerland
91.189.91.43     unknown  United Kingdom
91.189.91.42     unknown  United Kingdom

Memdumps

Base Address
Regiontype
Protect
Malicious