Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/8xnQBClhg7.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.150.26.226

unknown

Netherlands

Details

IP:	185.150.26.226
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

805b000

page execute read

805b000

page execute read

805b000

page execute read

805c000

page read and write

903e000

page read and write

ffaae000

page read and write

8062000

page read and write

ffaae000

page read and write

ffaae000

page read and write

f7f98000

page execute read

805c000

page read and write

8062000

page read and write

f7f98000

page execute read

903e000

page read and write

903e000

page read and write

8062000

page read and write

f7f98000

page execute read

805c000

page read and write

There are 8 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
8xnQBClhg7.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report8xnQBClhg7.elf

Processes

Domains

IPs

Memdumps

IOC Report
8xnQBClhg7.elf