Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/ldCdti5sRA.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f480c01f000

page execute read

7f49039c8000

page read and write

7f4903165000

page read and write

7f4902ed6000

page read and write

7f49026c5000

page read and write

7f480c034000

page read and write

7f4903897000

page read and write

7fff81da3000

page execute read

55ba24966000

page read and write

7f48fc021000

page read and write

7f480c048000

page read and write

7f490354c000

page read and write

7f4903527000

page read and write

7f49039c0000

page read and write

55ba2294a000

page read and write

7f48fc000000

page read and write

55ba258d9000

page read and write

55ba226c7000

page execute read

55ba22952000

page read and write

7f4902ec8000

page read and write

55ba24950000

page execute and read and write

7fff81c45000

page read and write

7f4903a0d000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ldCdti5sRA.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportldCdti5sRA.elf

Processes

Domains

IPs

Memdumps

IOC Report
ldCdti5sRA.elf