Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/coritDumjn.elf

URLs

Name

Malicious

193.35.18.56:65490

Details

Name:	193.35.18.56:65490
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

193.35.18.56

unknown

Germany

Details

IP:	193.35.18.56
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	41865
ASN name:	BIALLNET-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f2ee0030000

page execute read

7f2ee0030000

page execute read

7f2fe943d000

page read and write

564501a40000

page execute read

7f2fe9461000

page read and write

564501a40000

page execute read

7fff06dde000

page execute read

7f2fe8de5000

page read and write

7f2fe87f5000

page read and write

7f2fe0021000

page read and write

7f2fe8763000

page read and write

7f2fe8de5000

page read and write

564503caf000

page read and write

7f2ee0039000

page read and write

7f2fe8dc2000

page read and write

564501c91000

page read and write

7fff06d1d000

page read and write

7f2ee0041000

page read and write

7f2fe7f5b000

page read and write

564503c98000

page execute and read and write

7f2fe94a6000

page read and write

7f2fe87f5000

page read and write

564504b8c000

page read and write

7f2fe9314000

page read and write

7f2fe0021000

page read and write

7f2fe7f5b000

page read and write

7fff06d1d000

page read and write

564501c9a000

page read and write

7f2fe9133000

page read and write

7f2fe8763000

page read and write

7f2fe8f51000

page read and write

7f2fe9314000

page read and write

564504b8b000

page read and write

564501c91000

page read and write

7f2fe94a6000

page read and write

7f2fe8b57000

page read and write

7f2fe9133000

page read and write

7f2ee0041000

page read and write

7f2fe8b57000

page read and write

7f2fe9461000

page read and write

564501c9a000

page read and write

7f2fe943d000

page read and write

7f2fe8f51000

page read and write

7f2fdffff000

page read and write

7fff06dde000

page execute read

7f2ee0039000

page read and write

564504b6a000

page read and write

7f2fdffff000

page read and write

564503caf000

page read and write

7f2fe8dc2000

page read and write

564503c98000

page execute and read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
coritDumjn.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportcoritDumjn.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
coritDumjn.elf