Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/p4JEO4DdDU.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fed2c036000

page execute read

7fee33e4b000

page read and write

7fee33171000

page read and write

7fee2bfff000

page read and write

7fee3395f000

page read and write

7fee32969000

page read and write

7fee33d22000

page read and write

7fee337f3000

page read and write

7fee33eb4000

page read and write

55eeff7f5000

page read and write

7fee337d0000

page read and write

7fee33e6f000

page read and write

55ef01366000

page read and write

7fee33b41000

page read and write

55eeff7de000

page execute and read and write

55eefd586000

page execute read

7fee33565000

page read and write

7fed2c047000

page read and write

7fed2c042000

page read and write

55eefd7d7000

page read and write

7ffe16876000

page read and write

7ffe16996000

page execute read

7fee2c021000

page read and write

7fee33203000

page read and write

55eefd7e0000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
p4JEO4DdDU.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportp4JEO4DdDU.elf

Processes

IPs

Memdumps

IOC Report
p4JEO4DdDU.elf