Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/ij5Z8oy5e3.elf

/usr/bin/xfce4-session

/usr/bin/xfdesktop

xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528

/usr/bin/xfce4-session

/usr/bin/xfdesktop

xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528

/usr/bin/xfce4-session

/usr/bin/xfdesktop

xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528

/usr/bin/xfce4-session

/usr/bin/xfdesktop

xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528

/usr/bin/xfce4-session

/usr/bin/xfdesktop

xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528

There are 4 hidden processes, click here to show them.

Domains

Name

Malicious

aomacamada.ddns.net

203.145.46.240

Details

Name:	aomacamada.ddns.net
IP:	203.145.46.240
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Sends malformed DNS queries	Networking
Uses dynamic DNS services	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

net-killer.ddns.net

203.145.46.240

Details

Name:	net-killer.ddns.net
IP:	203.145.46.240
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Sends malformed DNS queries	Networking
Uses dynamic DNS services	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

net-killer.ooguy.com

203.145.46.240

Details

Name:	net-killer.ooguy.com
IP:	203.145.46.240
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

aomacamada.ddns.net. [malformed]

unknown

Details

Name:	aomacamada.ddns.net. [malformed]
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Sends malformed DNS queries	Networking
Uses dynamic DNS services	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

net-killer.ooguy.com. [malformed]

unknown

net-killer.ddns.net. [malformed]

unknown

Details

Name:	net-killer.ddns.net. [malformed]
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Sends malformed DNS queries	Networking
Uses dynamic DNS services	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

Vet-killer.io.v. [malformed]

unknown

domain-botnet.servehttp.com

51.79.217.59

Details

Name:	domain-botnet.servehttp.com
IP:	51.79.217.59
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

203.145.46.240

aomacamada.ddns.net

unknown

Details

IP:	203.145.46.240
TargetID:	-1
ASN number:	9313
ASN name:	ONTHENET-ASNetworkTechnologyAUSTPLAU
Private:	false
Domain:	aomacamada.ddns.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

51.79.217.59

domain-botnet.servehttp.com

Canada

Details

IP:	51.79.217.59
TargetID:	-1
Country:	Canada
Countrycode:	CAN
ASN number:	16276
ASN name:	OVHFR
Private:	false
Domain:	domain-botnet.servehttp.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

ff946000

page read and write

f7f47000

page execute read

8064000

page read and write

8060000

page read and write

8064000

page read and write

9a55000

page read and write

805b000

page execute read

9a55000

page read and write

f7f47000

page execute read

805b000

page execute read

8060000

page read and write

ff946000

page read and write

There are 2 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ij5Z8oy5e3.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportij5Z8oy5e3.elf

Processes

Domains

IPs

Memdumps

IOC Report
ij5Z8oy5e3.elf