Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/mG0CUyFnyP.elf

URLs

Name

Malicious

94.156.79.48:23

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

94.156.79.48

unknown

Bulgaria

Details

IP:	94.156.79.48
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fb479c93000

page read and write

7fb47993c000

page read and write

7fb474000000

page read and write

7fffa95a8000

page execute read

5625cacb7000

page read and write

7fb479b1d000

page read and write

7fb4795ee000

page read and write

7fb3f442a000

page read and write

7fb479c4e000

page read and write

5625c8ca2000

page read and write

5625c8a10000

page execute read

7fb47993c000

page read and write

7fb4795ee000

page read and write

7fffa9586000

page read and write

7fb478f7a000

page read and write

7fb3f4419000

page execute read

7fb3f442a000

page read and write

7fb47960b000

page read and write

7fb479b1d000

page read and write

5625caca0000

page execute and read and write

5625cb65d000

page read and write

7fffa95a8000

page execute read

7fb474000000

page read and write

5625c8a10000

page execute read

7fb4795cb000

page read and write

7fb4795cb000

page read and write

7fb478f7a000

page read and write

7fb3f4419000

page execute read

5625cb65d000

page read and write

7fb478f6c000

page read and write

7fb474021000

page read and write

5625cacb7000

page read and write

7fb47922a000

page read and write

5625c8ca2000

page read and write

7fb479c93000

page read and write

7fb478764000

page read and write

5625c8c98000

page read and write

7fb479c46000

page read and write

7fb474021000

page read and write

5625caca0000

page execute and read and write

7fb47922a000

page read and write

7fffa9586000

page read and write

7fb3f4432000

page read and write

7fb478f6c000

page read and write

7fb479c4e000

page read and write

7fb3f4432000

page read and write

7fb478764000

page read and write

5625c8c98000

page read and write

7fb479c46000

page read and write

7fb47960b000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mG0CUyFnyP.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportmG0CUyFnyP.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
mG0CUyFnyP.elf