Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/nuT3xNi2JJ.elf

URLs

Name

Malicious

http://www.billybobbot.com/crawler/)

unknown

Details

Name:	http://www.billybobbot.com/crawler/)
TargetID:	12
From Memory:	true
Current Path:	/tmp/nuT3xNi2JJ.elf
Source:	nuT3xNi2JJ.elf

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

147.185.221.19:30455

Details

Name:	147.185.221.19:30455
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.24
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

147.185.221.19

unknown

United States

Details

IP:	147.185.221.19
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	12087
ASN name:	SALSGIVERUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f870c02e000

page execute read

7f870c02e000

page execute read

559b5bce9000

page read and write

559b58aee000

page execute read

7f8812af6000

page read and write

7f870c03f000

page read and write

559b5ad46000

page execute and read and write

7f8812b88000

page read and write

7f88137d0000

page read and write

7f88134c6000

page read and write

7f88137f4000

page read and write

7f88136a7000

page read and write

7f88136a7000

page read and write

7fffa3e2c000

page read and write

7f8812eea000

page read and write

7f88132e4000

page read and write

7f870c03f000

page read and write

7f870c037000

page read and write

559b58d3f000

page read and write

7f8813839000

page read and write

7f8813839000

page read and write

7f8813178000

page read and write

7f88134c6000

page read and write

7f88132e4000

page read and write

7f8812af6000

page read and write

7f88122ee000

page read and write

7f8813178000

page read and write

7f88137f4000

page read and write

559b5ad46000

page execute and read and write

559b5ad5d000

page read and write

7f8812b88000

page read and write

559b58d48000

page read and write

7f88122ee000

page read and write

559b5ad5d000

page read and write

7f870c037000

page read and write

559b58d48000

page read and write

559b58aee000

page execute read

7f880c021000

page read and write

7fffa3ff9000

page execute read

559b5bce9000

page read and write

7f880bfff000

page read and write

559b58d3f000

page read and write

7f8812eea000

page read and write

7f8813155000

page read and write

7f88137d0000

page read and write

7fffa3ff9000

page execute read

7f880c021000

page read and write

7fffa3e2c000

page read and write

7f8813155000

page read and write

7f880bfff000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
nuT3xNi2JJ.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportnuT3xNi2JJ.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
nuT3xNi2JJ.elf