Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/ClPVG70TmC.elf

Domains

Name

Malicious

kovey.mezo-api.xyz

45.131.111.219

Details

Name:	kovey.mezo-api.xyz
IP:	45.131.111.219
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS queries to domains with low reputation	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

45.131.111.219

kovey.mezo-api.xyz

Germany

Details

IP:	45.131.111.219
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	398373
ASN name:	SERVERDESTROYERSUS
Private:	false
Domain:	kovey.mezo-api.xyz

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

410000

page execute read

Details

Name:	5436.1.0000000000400000.0000000000410000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	410000
Size:	65536

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

7ffd47a6c000

page read and write

192c000

page read and write

7ffd47b15000

page execute read

511000

page read and write

513000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ClPVG70TmC.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportClPVG70TmC.elf

Processes

Domains

IPs

Memdumps

IOC Report
ClPVG70TmC.elf