Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/kWVY0Rqmlx.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

80.182.142.45

unknown

Italy

Details

IP:	80.182.142.45
TargetID:	-1
Country:	Italy
Countrycode:	ITA
ASN number:	3269
ASN name:	ASN-IBSNAZIT
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f1234428000

page execute read

7f1234428000

page execute read

7f12b9b7b000

page read and write

55c488cd7000

page read and write

7f12b984a000

page read and write

7f12b91b9000

page read and write

7f1234439000

page read and write

7ffe4807f000

page read and write

7f12b9b7b000

page read and write

55c488ce1000

page read and write

55c488a4f000

page execute read

7f12b9469000

page read and write

7f12b91b9000

page read and write

55c48acdf000

page execute and read and write

7f12b89a3000

page read and write

7f12b4021000

page read and write

55c48acf6000

page read and write

7f12b9d5c000

page read and write

55c48acf6000

page read and write

7f12b9d5c000

page read and write

7f12b4000000

page read and write

7ffe480a3000

page execute read

7f12b980a000

page read and write

7f12b4000000

page read and write

7ffe480a3000

page execute read

55c48acdf000

page execute and read and write

7f12b984a000

page read and write

55c488ce1000

page read and write

7f12b91ab000

page read and write

7f123443a000

page read and write

7f12b9e8d000

page read and write

55c48b397000

page read and write

7f12b9e85000

page read and write

55c488cd7000

page read and write

55c48b397000

page read and write

7ffe4807f000

page read and write

7f12b980a000

page read and write

7f12b9e8d000

page read and write

7f12b9ed2000

page read and write

7f12b9e85000

page read and write

55c488a4f000

page execute read

7f12b9ed2000

page read and write

7f123443a000

page read and write

7f12b982d000

page read and write

7f1234439000

page read and write

7f12b91ab000

page read and write

7f12b4021000

page read and write

7f12b9469000

page read and write

7f12b89a3000

page read and write

7f12b982d000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
kWVY0Rqmlx.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportkWVY0Rqmlx.elf

Processes

Domains

IPs

Memdumps

IOC Report
kWVY0Rqmlx.elf