Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/dYAd42NlXg.elf

Domains

Name

Malicious

jhbaghjbasdg.shop

185.196.8.213

Details

Name:	jhbaghjbasdg.shop
IP:	185.196.8.213
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.196.8.213

jhbaghjbasdg.shop

Switzerland

Details

IP:	185.196.8.213
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	34888
ASN name:	SIMPLECARRER2IT
Private:	false
Domain:	jhbaghjbasdg.shop

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5f88012000

page execute read

7f607eb16000

page read and write

7fff3f06d000

page read and write

7fff3f06d000

page read and write

55d6d29e0000

page read and write

7f607f319000

page read and write

7f607eb16000

page read and write

7f5f88012000

page execute read

7f6078021000

page read and write

7f607f327000

page read and write

7f607fe5e000

page read and write

7f607f319000

page read and write

7f6078021000

page read and write

7f607f5b6000

page read and write

55d6d49fc000

page read and write

7f607f327000

page read and write

7f5f88025000

page read and write

55d6d661c000

page read and write

7f6078000000

page read and write

55d6d275d000

page execute read

55d6d49e6000

page execute and read and write

7f607fe5e000

page read and write

7f607f99d000

page read and write

7f607f5b6000

page read and write

7f6078000000

page read and write

7f5f88025000

page read and write

55d6d29e0000

page read and write

7f607fce8000

page read and write

7f607f978000

page read and write

55d6d49fc000

page read and write

7f607fe19000

page read and write

7f607fe11000

page read and write

55d6d49e6000

page execute and read and write

7f5f88022000

page read and write

7f5f88022000

page read and write

55d6d275d000

page execute read

7f607fe19000

page read and write

7f607fe11000

page read and write

55d6d29e8000

page read and write

7fff3f0a1000

page execute read

55d6d661c000

page read and write

7f607fce8000

page read and write

55d6d29e8000

page read and write

7fff3f0a1000

page execute read

7f607f978000

page read and write

7f607f99d000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
dYAd42NlXg.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportdYAd42NlXg.elf

Processes

Domains

IPs

Memdumps

IOC Report
dYAd42NlXg.elf