Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/If1BjZdkZh.elf

Domains

Name

Malicious

jhbaghjbasdg.shop

185.196.8.213

Details

Name:	jhbaghjbasdg.shop
IP:	185.196.8.213
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.196.8.213

jhbaghjbasdg.shop

Switzerland

Details

IP:	185.196.8.213
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	34888
ASN name:	SIMPLECARRER2IT
Private:	false
Domain:	jhbaghjbasdg.shop

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

217.32.184.17

unknown

United Kingdom

Details

IP:	217.32.184.17
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	6871
ASN name:	PLUSNETUKInternetServiceProviderGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe694019000

page read and write

7fe714021000

page read and write

55ddbbb82000

page read and write

7fe694014000

page execute read

7fe71ae36000

page read and write

7fe71b6de000

page read and write

7fe714021000

page read and write

7fe71b691000

page read and write

55ddbbaeb000

page execute and read and write

55ddbbb82000

page read and write

7fe71b699000

page read and write

55ddbbe2f000

page read and write

7fe714000000

page read and write

55ddb9ae5000

page read and write

7fe71ab99000

page read and write

7ffd393f6000

page execute read

7fe71b21d000

page read and write

55ddb98b3000

page execute read

55ddb9ae5000

page read and write

7fe71b699000

page read and write

55ddb9aed000

page read and write

55ddb9aed000

page read and write

55ddbbe2f000

page read and write

7ffd393ba000

page read and write

55ddbbaeb000

page execute and read and write

7ffd393f6000

page execute read

7fe71b6de000

page read and write

55ddb98b3000

page execute read

7ffd393ba000

page read and write

7fe694016000

page read and write

7fe71b1f8000

page read and write

7fe71aba7000

page read and write

7fe71b1f8000

page read and write

7fe694019000

page read and write

7fe694016000

page read and write

7fe71ae36000

page read and write

55ddbbe0e000

page read and write

7fe71ab99000

page read and write

7fe71a396000

page read and write

7fe71b21d000

page read and write

7fe71b568000

page read and write

7fe71aba7000

page read and write

7fe71b568000

page read and write

7fe71a396000

page read and write

7fe694014000

page execute read

7fe714000000

page read and write

7fe71b691000

page read and write

There are 37 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
If1BjZdkZh.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportIf1BjZdkZh.elf

Processes

Domains

IPs

Memdumps

IOC Report
If1BjZdkZh.elf