Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/tUzH4zTmwI.elf

/bin/sh

sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

/bin/sh

/usr/sbin/iptables

iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

/tmp/tUzH4zTmwI.elf

/bin/sh

sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

/bin/sh

/bin/busybox

/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

/tmp/tUzH4zTmwI.elf

/bin/sh

sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

/bin/sh

/tmp/tUzH4zTmwI.elf

/bin/sh

sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

/bin/sh

/tmp/tUzH4zTmwI.elf

/bin/sh

sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"

/bin/sh

/usr/bin/busybox

busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT

There are 13 hidden processes, click here to show them.

Domains

Name

Malicious

dead-cheap-doma.in

185.196.11.64

Details

Name:	dead-cheap-doma.in
IP:	185.196.11.64
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.196.11.64

dead-cheap-doma.in

Switzerland

Details

IP:	185.196.11.64
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	42624
ASN name:	SIMPLECARRIERCH
Private:	false
Domain:	dead-cheap-doma.in

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

212.118.43.167

unknown

Russian Federation

Details

IP:	212.118.43.167
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	25308
ASN name:	CITYLAN-ASRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55e83bd1b000

page read and write

7fc95c000000

page read and write

7fc9638fe000

page read and write

7fc962ee2000

page read and write

7fc8dc447000

page read and write

7fc9632a6000

page read and write

55e83f7d9000

page read and write

7fc9637d5000

page read and write

7fc8dc435000

page execute read

55e83dd3a000

page read and write

7fc9632c3000

page read and write

7fc962c32000

page read and write

7fff81e47000

page execute read

7fc963906000

page read and write

55e83ba93000

page execute read

7fc9635f4000

page read and write

55e83dd23000

page execute and read and write

7fc95c021000

page read and write

7fc8dc445000

page read and write

7fc96241c000

page read and write

7fc962c24000

page read and write

7fc96394b000

page read and write

55e83bd25000

page read and write

7fc963283000

page read and write

7fff81e07000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tUzH4zTmwI.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReporttUzH4zTmwI.elf

Processes

Domains

IPs

Memdumps

IOC Report
tUzH4zTmwI.elf