Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/mZFiaBnsij.elf

Domains

Name

Malicious

jhbaghjbasdg.shop

185.196.8.213

Details

Name:	jhbaghjbasdg.shop
IP:	185.196.8.213
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.196.8.213

jhbaghjbasdg.shop

Switzerland

Details

IP:	185.196.8.213
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	34888
ASN name:	SIMPLECARRER2IT
Private:	false
Domain:	jhbaghjbasdg.shop

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

217.32.184.17

unknown

United Kingdom

Details

IP:	217.32.184.17
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	6871
ASN name:	PLUSNETUKInternetServiceProviderGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fa429295000

page read and write

7fa420000000

page read and write

7fa3a0420000

page read and write

564f97eb6000

page execute read

7fa3a0423000

page read and write

7fa3a040f000

page execute read

7ffcc327b000

page read and write

7fa428dd4000

page read and write

564f9a0e9000

page read and write

7fa427f4d000

page read and write

564f97eb6000

page execute read

564f980cc000

page read and write

564f980d4000

page read and write

564f980cc000

page read and write

7fa3a0423000

page read and write

7fa428750000

page read and write

7fa427f4d000

page read and write

7fa420000000

page read and write

7fa42875e000

page read and write

564f9a0d2000

page execute and read and write

7fa428daf000

page read and write

7fa429250000

page read and write

7ffcc33c6000

page execute read

7fa3a0420000

page read and write

7fa429295000

page read and write

7fa3a040f000

page execute read

564f9acb3000

page read and write

7fa428750000

page read and write

7fa42911f000

page read and write

7fa420021000

page read and write

7fa4289ed000

page read and write

7fa428dd4000

page read and write

564f980d4000

page read and write

564f9a0e9000

page read and write

564f9a0d2000

page execute and read and write

7fa42875e000

page read and write

7fa4289ed000

page read and write

7fa420021000

page read and write

564f9acb3000

page read and write

7fa429250000

page read and write

7ffcc33c6000

page execute read

7fa429248000

page read and write

7fa428daf000

page read and write

7fa429248000

page read and write

7fa42911f000

page read and write

7ffcc327b000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mZFiaBnsij.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportmZFiaBnsij.elf

Processes

Domains

IPs

Memdumps

IOC Report
mZFiaBnsij.elf