Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/DI3Zukrm4Y.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f08ac037000

page execute read

55be06b77000

page execute and read and write

7f09ac021000

page read and write

7f09b3a3e000

page read and write

7f08ac048000

page read and write

7f09b36cb000

page read and write

7f09b39d5000

page read and write

7f09abfff000

page read and write

7f09b38ac000

page read and write

55be086e2000

page read and write

7f09b2cfb000

page read and write

7f09b337d000

page read and write

55be04b79000

page read and write

7f09b24f3000

page read and write

7ffff5fe7000

page execute read

7ffff5f1c000

page read and write

7f09b34e9000

page read and write

7f09b2d8d000

page read and write

55be06b8e000

page read and write

7f09b335a000

page read and write

55be04b70000

page read and write

7f09b39f9000

page read and write

7f09b30ef000

page read and write

55be0491f000

page execute read

7f08ac043000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
DI3Zukrm4Y.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportDI3Zukrm4Y.elf

Processes

IPs

Memdumps

IOC Report
DI3Zukrm4Y.elf