Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/xd.mips.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/xd.mips.elf
Source:	xd.mips.elf
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

209.141.33.93

unknown

United States

Details

IP:	209.141.33.93
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	53667
ASN name:	PONYNETUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

7f2e583b9000

page read and write

7f2e583c1000

page read and write

7f2e50021000

page read and write

7f2dd040e000

page execute read

7ffeac141000

page read and write

7f2e5799d000

page read and write

7f2e58406000

page read and write

7f2e57d3e000

page read and write

7f2e50000000

page read and write

5559b00eb000

page read and write

7ffeac185000

page execute read

5559afe63000

page execute read

5559b2b73000

page read and write

5559b20f3000

page execute and read and write

7f2e580af000

page read and write

7f2dd0130000

page execute and read and write

7f2e57d61000

page read and write

7f2e57d7e000

page read and write

7f2e576df000

page read and write

7f2dd0454000

page read and write

5559b210a000

page read and write

7f2e58290000

page read and write

7f2e56ed7000

page read and write

7f2e576ed000

page read and write

5559b00f5000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
xd.mips.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportxd.mips.elf

Processes

URLs

IPs

Memdumps

IOC Report
xd.mips.elf