Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/vtuYyqk0Xt.elf

Domains

Name

Malicious

retardedclassmate.dyn

85.239.33.65

IPs

Domain

Country

Malicious

94.156.248.19

unknown

Bulgaria

Details

IP:	94.156.248.19
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34224
ASN name:	NETERRA-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f95f0038000

page execute read

7f95f0038000

page execute read

7f96f91c8000

page read and write

7f96f91ec000

page read and write

7f96f909f000

page read and write

7f96effff000

page read and write

55ae443cc000

page read and write

7ffcbb49f000

page execute read

7f96f8b70000

page read and write

7f96f91c8000

page read and write

7f95f0045000

page read and write

55ae463e1000

page read and write

55ae4811f000

page read and write

55ae463e1000

page read and write

7f96f909f000

page read and write

7ffcbb49f000

page execute read

7f95f0055000

page read and write

7f96f0021000

page read and write

7f96f8ebe000

page read and write

7f96f88e2000

page read and write

55ae44172000

page execute read

7f96f84ee000

page read and write

7f96f8b70000

page read and write

7f95f0045000

page read and write

7f96f9231000

page read and write

7f96f8580000

page read and write

7f96f88e2000

page read and write

55ae463ca000

page execute and read and write

7f96f8b4d000

page read and write

7f95f0053000

page read and write

55ae44172000

page execute read

7f96f84ee000

page read and write

7f96f8ebe000

page read and write

55ae443cc000

page read and write

7f96effff000

page read and write

7f95f0053000

page read and write

7f96f9231000

page read and write

7f96f0021000

page read and write

7ffcbb40f000

page read and write

55ae463ca000

page execute and read and write

7ffcbb40f000

page read and write

7f96f8cdc000

page read and write

7f96f8b4d000

page read and write

55ae443c3000

page read and write

7f96f7ce6000

page read and write

7f96f7ce6000

page read and write

7f96f91ec000

page read and write

7f96f8580000

page read and write

7f96f8cdc000

page read and write

55ae443c3000

page read and write

55ae4811f000

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
vtuYyqk0Xt.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportvtuYyqk0Xt.elf

Processes

Domains

IPs

Memdumps

IOC Report
vtuYyqk0Xt.elf