IOC Report
PwP4tXNi4a.elf

Processes

Path

Cmdline

Malicious

/tmp/PwP4tXNi4a.elf

/tmp/PwP4tXNi4a.elf

/tmp/PwP4tXNi4a.elf

-

/tmp/PwP4tXNi4a.elf

-

/tmp/PwP4tXNi4a.elf

-

Domains

Name

IP

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

IP

Domain

Country

Malicious

185.150.26.226

unknown

Netherlands

Details

IP:	185.150.26.226
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f8d8c030000

page execute read

7f8d8c030000

page execute read

7f8d8c030000

page execute read

7ffc4e5ef000

page execute read

7ffc4e5e9000

page read and write

55f936418000

page read and write

7f8e94e3e000

page read and write

7f8e9418d000

page read and write

7f8e8c021000

page read and write

55f93842d000

page read and write

55f93842d000

page read and write

7f8e94cac000

page read and write

7f8e9477d000

page read and write

7f8e94dd5000

page read and write

7f8e8c021000

page read and write

7f8e94e3e000

page read and write

7f8e9418d000

page read and write

7f8e94acb000

page read and write

7f8e9418d000

page read and write

55f9361be000

page execute read

55f9361be000

page execute read

7f8e9475a000

page read and write

7f8e94acb000

page read and write

55f938416000

page execute and read and write

7f8e944ef000

page read and write

55f93842d000

page read and write

55f936418000

page read and write

55f93640f000

page read and write

7f8e944ef000

page read and write

7f8e938f3000

page read and write

7ffc4e5e9000

page read and write

7f8d8c040000

page read and write

7f8e94df9000

page read and write

7ffc4e5ef000

page execute read

7f8e938f3000

page read and write

7f8e948e9000

page read and write

7f8e94e3e000

page read and write

55f93a1d9000

page read and write

7f8e94cac000

page read and write

7f8d8c040000

page read and write

7f8e9475a000

page read and write

55f938416000

page execute and read and write

7f8e8c021000

page read and write

7f8e94cac000

page read and write

55f938416000

page execute and read and write

7f8d8c039000

page read and write

7f8e8bfff000

page read and write

7f8e940fb000

page read and write

55f9361be000

page execute read

7f8e94df9000

page read and write

7f8e9475a000

page read and write

55f93640f000

page read and write

7f8e94dd5000

page read and write

7f8e940fb000

page read and write

7ffc4e5e9000

page read and write

7f8e948e9000

page read and write

7ffc4e5ef000

page execute read

7f8d8c040000

page read and write

7f8e94dd5000

page read and write

7f8e8bfff000

page read and write

7f8e944ef000

page read and write

7f8e9477d000

page read and write

7f8e9477d000

page read and write

7f8e938f3000

page read and write

7f8d8c039000

page read and write

55f93a1d9000

page read and write

55f93640f000

page read and write

7f8d8c039000

page read and write

7f8e8bfff000

page read and write

55f93a1d9000

page read and write

7f8e94acb000

page read and write

55f936418000

page read and write

7f8e940fb000

page read and write

7f8e94df9000

page read and write

7f8e948e9000

page read and write

There are 65 hidden memdumps, click here to show them.