Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Zz4JCR594d.elf

Domains

Name

Malicious

eclp8oz0m8mxouv96hc9p7k2btydt3iv.click

103.97.132.194

Details

Name:	eclp8oz0m8mxouv96hc9p7k2btydt3iv.click
IP:	103.97.132.194
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

103.97.132.194

eclp8oz0m8mxouv96hc9p7k2btydt3iv.click

Viet Nam

Details

IP:	103.97.132.194
TargetID:	-1
Country:	Viet Nam
Countrycode:	VNM
ASN number:	55933
ASN name:	CLOUDIE-AS-APCloudieLimitedHK
Private:	false
Domain:	eclp8oz0m8mxouv96hc9p7k2btydt3iv.click

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

805a000

page execute read

Details

Name:	5493.1.0000000008048000.000000000805a000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	805a000
Size:	73728

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Okiru	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

ffd51000

page read and write

818f000

page read and write

f7fa1000

page execute read

805f000

page read and write

8064000

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Zz4JCR594d.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportZz4JCR594d.elf

Processes

Domains

IPs

Memdumps

IOC Report
Zz4JCR594d.elf