Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/D88pI7Bo4B.elf

URLs

Name

Malicious

193.35.18.56:65490

Details

Name:	193.35.18.56:65490
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

193.35.18.56

unknown

Germany

Details

IP:	193.35.18.56
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	41865
ASN name:	BIALLNET-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe13802d000

page execute read

7fe13802d000

page execute read

7fe23fedb000

page read and write

7fe23eee5000

page read and write

7fe13803b000

page read and write

7fe23f6ed000

page read and write

7fe237fff000

page read and write

7fe2400bd000

page read and write

7fe13803b000

page read and write

7ffdae0a8000

page read and write

7fe240430000

page read and write

7fe138035000

page read and write

556f69d41000

page read and write

7fe238021000

page read and write

7fe237fff000

page read and write

556f67d2c000

page read and write

7fe24029e000

page read and write

7fe23f77f000

page read and write

7fe240430000

page read and write

556f69d2a000

page execute and read and write

7fe2400bd000

page read and write

556f69d41000

page read and write

7fe24029e000

page read and write

556f6a3fc000

page read and write

7fe23fae1000

page read and write

7fe23eee5000

page read and write

556f67d2c000

page read and write

7fe2403c7000

page read and write

7ffdae1f3000

page execute read

556f67d23000

page read and write

556f6a3fc000

page read and write

556f67d23000

page read and write

7ffdae0a8000

page read and write

7fe23fedb000

page read and write

7fe2403eb000

page read and write

7fe23fd6f000

page read and write

7fe2403c7000

page read and write

7fe23fae1000

page read and write

556f67ad2000

page execute read

7fe138035000

page read and write

7fe23fd4c000

page read and write

7fe238021000

page read and write

556f69d2a000

page execute and read and write

7fe23fd4c000

page read and write

7ffdae1f3000

page execute read

7fe23f6ed000

page read and write

7fe23fd6f000

page read and write

7fe23f77f000

page read and write

7fe2403eb000

page read and write

556f67ad2000

page execute read

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
D88pI7Bo4B.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportD88pI7Bo4B.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
D88pI7Bo4B.elf