Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Id2uxwyyf8.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.hTOBRkk1hI /tmp/tmp.DQktqIH7G6 /tmp/tmp.XtyVCSbllx

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.hTOBRkk1hI /tmp/tmp.DQktqIH7G6 /tmp/tmp.XtyVCSbllx

URLs

Name

Malicious

94.156.8.9:23

Details

Name:	94.156.8.9:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

IPs

Domain

Country

Malicious

94.156.8.9

unknown

Bulgaria

Details

IP:	94.156.8.9
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking

34.249.145.219

unknown

United States

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe07c028000

page execute read

7fe07c028000

page execute read

7fe184c34000

page read and write

7fe183f5a000

page read and write

7fe184c34000

page read and write

7fe1845b9000

page read and write

5638ea1d0000

page read and write

7fe183fec000

page read and write

7fe184748000

page read and write

7fe18434e000

page read and write

7fe17bfff000

page read and write

7fe184c58000

page read and write

5638ea1d9000

page read and write

5638ed9c0000

page read and write

7fe1845dc000

page read and write

5638e9f7f000

page execute read

7ffd83c1d000

page read and write

5638ec1d7000

page execute and read and write

7fe17c021000

page read and write

5638ec1ee000

page read and write

7fe183752000

page read and write

7fe183752000

page read and write

5638ea1d9000

page read and write

7fe1845b9000

page read and write

7fe184b0b000

page read and write

7fe183f5a000

page read and write

7ffd83d5f000

page execute read

7fe184b0b000

page read and write

7fe18434e000

page read and write

7fe17c021000

page read and write

7fe18492a000

page read and write

5638e9f7f000

page execute read

7fe1845dc000

page read and write

7fe18492a000

page read and write

5638ec1ee000

page read and write

7fe07c037000

page read and write

7ffd83c1d000

page read and write

7fe07c031000

page read and write

7fe184c9d000

page read and write

7fe184c9d000

page read and write

7fe07c031000

page read and write

5638ea1d0000

page read and write

7fe183fec000

page read and write

7ffd83d5f000

page execute read

7fe184c58000

page read and write

7fe07c037000

page read and write

5638ed9c0000

page read and write

5638ec1d7000

page execute and read and write

7fe184748000

page read and write

7fe17bfff000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Id2uxwyyf8.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportId2uxwyyf8.elf

Processes

URLs

IPs

Memdumps

IOC Report
Id2uxwyyf8.elf