Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Y4pblBbDQc.elf

URLs

Name

Malicious

94.156.8.9:23

Details

Name:	94.156.8.9:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

94.156.8.9

unknown

Bulgaria

Details

IP:	94.156.8.9
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f4db8029000

page execute read

7f4db8029000

page execute read

7f4ebdf26000

page read and write

55801348a000

page execute read

7f4ebe297000

page read and write

55801348a000

page execute read

7f4db8032000

page read and write

7f4ebdf26000

page read and write

5580156e2000

page execute and read and write

5580136e4000

page read and write

7f4ebe60a000

page read and write

7fff37560000

page read and write

7f4eb7fff000

page read and write

7f4db8038000

page read and write

5580156e2000

page execute and read and write

7f4ebe5c5000

page read and write

558015b6d000

page read and write

7f4eb8021000

page read and write

7f4ebe5a1000

page read and write

7f4ebe5a1000

page read and write

7f4db8038000

page read and write

7fff37560000

page read and write

7f4ebdcbb000

page read and write

7f4eb8021000

page read and write

7f4ebd8c7000

page read and write

7f4ebe0b5000

page read and write

5580136e4000

page read and write

7f4eb7fff000

page read and write

7f4ebe478000

page read and write

7fff375e7000

page execute read

7f4ebdcbb000

page read and write

7f4ebe5c5000

page read and write

5580156f9000

page read and write

7f4ebe60a000

page read and write

7f4ebd8c7000

page read and write

7f4ebdf49000

page read and write

5580156f9000

page read and write

7f4db8032000

page read and write

5580136db000

page read and write

7f4ebd0bf000

page read and write

7f4ebd959000

page read and write

7f4ebd0bf000

page read and write

7f4ebd959000

page read and write

7f4ebe478000

page read and write

5580136db000

page read and write

7f4ebe297000

page read and write

7f4ebdf49000

page read and write

7fff375e7000

page execute read

558015b6d000

page read and write

7f4ebe0b5000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Y4pblBbDQc.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportY4pblBbDQc.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Y4pblBbDQc.elf