Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/63PPG1bWEo.elf

Domains

Name

Malicious

jhbaghjbasdg.shop

185.196.8.213

Details

Name:	jhbaghjbasdg.shop
IP:	185.196.8.213
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.196.8.213

jhbaghjbasdg.shop

Switzerland

Details

IP:	185.196.8.213
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	34888
ASN name:	SIMPLECARRER2IT
Private:	false
Domain:	jhbaghjbasdg.shop

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

55d843fea000

page read and write

7f9f2f6b2000

page read and write

7f9e28029000

page execute read

7f9f2f4d1000

page read and write

7ffc9efcb000

page execute read

7ffc9eec3000

page read and write

7f9e28034000

page read and write

7ffc9efcb000

page execute read

7f9f2f7ff000

page read and write

55d844eaa000

page read and write

7f9f2f844000

page read and write

7f9f2f160000

page read and write

55d843fd3000

page execute and read and write

7f9f2f183000

page read and write

7f9f2eef5000

page read and write

7f9f2e2f9000

page read and write

7f9f2f6b2000

page read and write

55d841fd5000

page read and write

7f9e28029000

page execute read

7f9f2f7ff000

page read and write

7f9f2f844000

page read and write

7f9e28031000

page read and write

55d843fd3000

page execute and read and write

7f9f2f160000

page read and write

55d841d7b000

page execute read

7ffc9eec3000

page read and write

7f9f2eb93000

page read and write

7f9f2eb93000

page read and write

7f9e28031000

page read and write

7f9f28021000

page read and write

55d841fcc000

page read and write

55d841fd5000

page read and write

7f9f2f2ef000

page read and write

7f9f2eb01000

page read and write

7f9f27fff000

page read and write

7f9f2f183000

page read and write

55d841fcc000

page read and write

7f9f2eb01000

page read and write

7f9f2e2f9000

page read and write

55d844eaa000

page read and write

7f9f28021000

page read and write

7f9f2f2ef000

page read and write

7f9f2f7db000

page read and write

7f9f27fff000

page read and write

55d841d7b000

page execute read

7f9f2f7db000

page read and write

7f9f2f4d1000

page read and write

55d843fea000

page read and write

7f9e28034000

page read and write

7f9f2eef5000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
63PPG1bWEo.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report63PPG1bWEo.elf

Processes

Domains

IPs

Memdumps

IOC Report
63PPG1bWEo.elf