Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/jnJdG31oiA.elf

URLs

Name

Malicious

193.35.18.56:65490

Details

Name:	193.35.18.56:65490
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

193.35.18.56

unknown

Germany

Details

IP:	193.35.18.56
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	41865
ASN name:	BIALLNET-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3a00415000

page execute read

7f3a00415000

page execute read

55b751360000

page execute and read and write

7f3a85903000

page read and write

7f3a855b8000

page read and write

7f3a0042d000

page read and write

55b74f144000

page execute read

55b74f144000

page execute read

7f3a80000000

page read and write

7f3a84f42000

page read and write

7f3a84f42000

page read and write

7f3a85a79000

page read and write

7f3a84f34000

page read and write

7f3a855b8000

page read and write

7f3a85903000

page read and write

55b751377000

page read and write

7f3a85a34000

page read and write

55b74f35a000

page read and write

7f3a00425000

page read and write

55b75256d000

page read and write

7ffe8ffd3000

page execute read

55b74f35a000

page read and write

7f3a85a79000

page read and write

7f3a80021000

page read and write

7f3a80021000

page read and write

7f3a85a2c000

page read and write

55b75256d000

page read and write

7ffe8fe2d000

page read and write

55b751360000

page execute and read and write

7f3a851d1000

page read and write

7f3a84f34000

page read and write

55b74f362000

page read and write

55b751377000

page read and write

55b74f362000

page read and write

7f3a84731000

page read and write

7f3a00425000

page read and write

7f3a85a34000

page read and write

7f3a85593000

page read and write

7f3a85a2c000

page read and write

7f3a85593000

page read and write

7f3a84731000

page read and write

7ffe8fe2d000

page read and write

7f3a0042d000

page read and write

7f3a80000000

page read and write

7f3a851d1000

page read and write

7ffe8ffd3000

page execute read

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
jnJdG31oiA.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportjnJdG31oiA.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
jnJdG31oiA.elf