Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/XMA5WIOHeT.elf

URLs

Name

Malicious

185.150.26.223:606

Details

Name:	185.150.26.223:606
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.150.26.223

unknown

Netherlands

Details

IP:	185.150.26.223
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fab0802c000

page execute read

7fab0802c000

page execute read

7fac10b3f000

page read and write

7ffc14b06000

page read and write

7fac11094000

page read and write

561d09cdc000

page read and write

7fac10b3f000

page read and write

7fac10745000

page read and write

7fac103e3000

page read and write

7ffc14b52000

page execute read

7fac1104f000

page read and write

7fac10d21000

page read and write

7fac07fff000

page read and write

561d09a82000

page execute read

7fac08021000

page read and write

7fac11094000

page read and write

7ffc14b06000

page read and write

7fac109d3000

page read and write

561d0c903000

page read and write

7fac07fff000

page read and write

561d0bcda000

page execute and read and write

7fac1102b000

page read and write

7fac10745000

page read and write

7fab0803a000

page read and write

7fac10f02000

page read and write

7fac0fb49000

page read and write

7fac10d21000

page read and write

7fac109d3000

page read and write

7fac10f02000

page read and write

7fac1102b000

page read and write

561d09cd3000

page read and write

561d09a82000

page execute read

7fac10351000

page read and write

7fac103e3000

page read and write

7fac1104f000

page read and write

7fac08021000

page read and write

561d0c903000

page read and write

561d0bcf1000

page read and write

7fac10351000

page read and write

7fac0fb49000

page read and write

561d09cd3000

page read and write

7fab08034000

page read and write

7fab08034000

page read and write

561d09cdc000

page read and write

7fab0803a000

page read and write

7fac109b0000

page read and write

561d0bcda000

page execute and read and write

7ffc14b52000

page execute read

7fac109b0000

page read and write

561d0bcf1000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
XMA5WIOHeT.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportXMA5WIOHeT.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
XMA5WIOHeT.elf