IOC Report
gCqnbN34QY.elf

Processes

Path

Cmdline

Malicious

/tmp/gCqnbN34QY.elf

/tmp/gCqnbN34QY.elf

/tmp/gCqnbN34QY.elf

-

/tmp/gCqnbN34QY.elf

-

/tmp/gCqnbN34QY.elf

-

IPs

IP

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

209.14.69.249

unknown

United States

Details

IP:	209.14.69.249
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	6220
ASN name:	AS6220US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55be69492000

page read and write

7ffcdcb45000

page execute read

7f58463c8000

page read and write

7f5846657000

page read and write

7f5846d89000

page read and write

7f5846657000

page read and write

7f575001f000

page read and write

7f5840021000

page read and write

55be6afc7000

page read and write

7f5846eff000

page read and write

7f575000e000

page execute read

55be67476000

page read and write

55be67476000

page read and write

55be6947c000

page execute and read and write

55be69492000

page read and write

7f575001f000

page read and write

55be6747e000

page read and write

7f5846a19000

page read and write

7f5845bb7000

page read and write

7f5846eba000

page read and write

7f5840021000

page read and write

7f5840021000

page read and write

7f575001e000

page read and write

7f58463ba000

page read and write

7f5846eff000

page read and write

7f5840000000

page read and write

55be6afc7000

page read and write

7f5846eb2000

page read and write

7f5846eb2000

page read and write

55be6747e000

page read and write

7f58463ba000

page read and write

7f575000e000

page execute read

7f5840000000

page read and write

7f575001e000

page read and write

7ffcdcabe000

page read and write

55be671f3000

page execute read

7f5846a19000

page read and write

7f5846eb2000

page read and write

7f5840000000

page read and write

7f5845bb7000

page read and write

55be6afc7000

page read and write

7f5846657000

page read and write

7ffcdcb45000

page execute read

7f5846a3e000

page read and write

7ffcdcabe000

page read and write

7f5846a3e000

page read and write

7f5845bb7000

page read and write

7f5846d89000

page read and write

55be671f3000

page execute read

55be6947c000

page execute and read and write

55be6947c000

page execute and read and write

7f58463c8000

page read and write

55be69492000

page read and write

7f575001f000

page read and write

7f575001e000

page read and write

7ffcdcb45000

page execute read

7f5846a3e000

page read and write

7f58463ba000

page read and write

7f5846d89000

page read and write

55be6747e000

page read and write

7ffcdcabe000

page read and write

7f5846a19000

page read and write

7f58463c8000

page read and write

7f5846eba000

page read and write

55be67476000

page read and write

7f5846eff000

page read and write

7f5846eba000

page read and write

55be671f3000

page execute read

7f575000e000

page execute read

There are 59 hidden memdumps, click here to show them.