Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/GdfWOGzXow.elf

URLs

Name

Malicious

http://www.billybobbot.com/crawler/)

unknown

Details

Name:	http://www.billybobbot.com/crawler/)
TargetID:	12
From Memory:	true
Current Path:	/tmp/GdfWOGzXow.elf
Source:	GdfWOGzXow.elf

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

147.185.221.19:30455

Details

Name:	147.185.221.19:30455
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

147.185.221.19

unknown

United States

Details

IP:	147.185.221.19
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	12087
ASN name:	SALSGIVERUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f672802b000

page execute read

7f672802b000

page execute read

7f6828021000

page read and write

7f68301a9000

page read and write

7f68301a9000

page read and write

555d03cfb000

page read and write

7f6828021000

page read and write

7ffee5e77000

page execute read

7f682f9a1000

page read and write

7f6827fff000

page read and write

555d0720e000

page read and write

7ffee5e27000

page read and write

555d03cf2000

page read and write

7f683082b000

page read and write

7f683059d000

page read and write

7f6830808000

page read and write

7f683082b000

page read and write

7f6830eec000

page read and write

7f6728039000

page read and write

7f6728033000

page read and write

7f6830eec000

page read and write

7f6827fff000

page read and write

555d03cfb000

page read and write

7f6830e83000

page read and write

7f683023b000

page read and write

7f6728033000

page read and write

555d03cf2000

page read and write

7ffee5e77000

page execute read

7f6830ea7000

page read and write

555d05cf9000

page execute and read and write

555d0720e000

page read and write

7f6830b79000

page read and write

7f6830b79000

page read and write

7f682f9a1000

page read and write

555d03aa1000

page execute read

555d05cf9000

page execute and read and write

555d03aa1000

page execute read

7f6728039000

page read and write

7f6830808000

page read and write

555d05d10000

page read and write

7f6830d5a000

page read and write

7ffee5e27000

page read and write

555d05d10000

page read and write

7f683023b000

page read and write

7f683059d000

page read and write

7f6830ea7000

page read and write

7f6830d5a000

page read and write

7f6830997000

page read and write

7f6830997000

page read and write

7f6830e83000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
GdfWOGzXow.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportGdfWOGzXow.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
GdfWOGzXow.elf