Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/yI52EULGv3.elf

/bin/sh

sh -c "mkdir /tuqrq95kgq/ && >/tuqrq95kgq/tuqrq95kgq && cd /tuqrq95kgq/ >/dev/null"

/bin/sh

/usr/bin/mkdir

mkdir /tuqrq95kgq/

/tmp/yI52EULGv3.elf

/bin/sh

sh -c "mv /tmp/yI52EULGv3.elf /tuqrq95kgq/tuqrq95kgq && chmod 777 /tuqrq95kgq/tuqrq95kgq >/dev/null"

/bin/sh

/usr/bin/mv

mv /tmp/yI52EULGv3.elf /tuqrq95kgq/tuqrq95kgq

/bin/sh

/usr/bin/chmod

chmod 777 /tuqrq95kgq/tuqrq95kgq

There are 3 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

94.156.71.75

unknown

Bulgaria

Details

IP:	94.156.71.75
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	31420
ASN name:	TERASYST-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f10d8015000

page read and write

7f1158021000

page read and write

7f115d480000

page read and write

7ffca8935000

page execute read

7f10d8018000

page read and write

7f1158021000

page read and write

7f115e2e2000

page read and write

557007120000

page read and write

7f115dc91000

page read and write

7f1158000000

page read and write

7f115e7c8000

page read and write

7f115dc91000

page read and write

7f10d8015000

page read and write

7ffca8881000

page read and write

5570066ce000

page execute and read and write

557006765000

page read and write

7f115e307000

page read and write

7f115df20000

page read and write

7f10d8013000

page execute read

557007120000

page read and write

7f10d8013000

page execute read

7f10d8018000

page read and write

7f115d480000

page read and write

557007120000

page read and write

5570066ce000

page execute and read and write

7f1158021000

page read and write

7ffca8881000

page read and write

7f115d480000

page read and write

5570046c8000

page read and write

7f10d8015000

page read and write

7ffca8881000

page read and write

7f115e307000

page read and write

5570046d0000

page read and write

7f115e307000

page read and write

557004496000

page execute read

5570046d0000

page read and write

7ffca8935000

page execute read

7f10d8013000

page execute read

5570046c8000

page read and write

7f115e77b000

page read and write

7f115dc83000

page read and write

7f115e77b000

page read and write

7f1158000000

page read and write

7f115df20000

page read and write

7f115df20000

page read and write

5570046d0000

page read and write

7f115dc91000

page read and write

7f115e783000

page read and write

7f115dc83000

page read and write

5570066ce000

page execute and read and write

7f115e2e2000

page read and write

7f115e77b000

page read and write

7f115e7c8000

page read and write

557004496000

page execute read

7f10d8018000

page read and write

557006765000

page read and write

7f115e783000

page read and write

7f115dc83000

page read and write

7f115e652000

page read and write

5570070ff000

page read and write

5570070ff000

page read and write

7f115e652000

page read and write

7f1158000000

page read and write

7ffca8935000

page execute read

7f115e7c8000

page read and write

7f115e783000

page read and write

7f115e652000

page read and write

5570046c8000

page read and write

557006765000

page read and write

557004496000

page execute read

7f115e2e2000

page read and write

There are 61 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
yI52EULGv3.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportyI52EULGv3.elf

Processes

IPs

Memdumps

IOC Report
yI52EULGv3.elf