Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/eFRX5kWfol.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.lP3ujbDVHq /tmp/tmp.sGvxnbEPCz /tmp/tmp.Ji4EecG5YZ

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.lP3ujbDVHq /tmp/tmp.sGvxnbEPCz /tmp/tmp.Ji4EecG5YZ

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

54.217.10.153

unknown

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

530000

page read and write

41b000

page execute read

Details

Name:	5482.1.0000000000400000.000000000041b000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	41b000
Size:	110592

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

7ffc86331000

page read and write

631000

page read and write

7ffc86376000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
eFRX5kWfol.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReporteFRX5kWfol.elf

Processes

Domains

IPs

Memdumps

IOC Report
eFRX5kWfol.elf