Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/ATvOcqLo1D.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.B9Tw0HsgJh /tmp/tmp.kHyRMWeAzR /tmp/tmp.ChHck7QHtr

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.B9Tw0HsgJh /tmp/tmp.kHyRMWeAzR /tmp/tmp.ChHck7QHtr

Domains

Name

Malicious

minuoddos.top

91.92.244.58

Details

Name:	minuoddos.top
IP:	91.92.244.58
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

91.92.244.58

minuoddos.top

Bulgaria

Details

IP:	91.92.244.58
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false
Domain:	minuoddos.top

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

34.249.145.219

unknown

United States

Details

IP:	34.249.145.219
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f9ae5412000

page read and write

7f9ae5435000

page read and write

55e428e0e000

page execute read

7f9ae5af6000

page read and write

7ffe3c37f000

page execute read

7f99e002f000

page read and write

7f9ae5ab1000

page read and write

7ffe3c37f000

page execute read

7f9ae5af6000

page read and write

7f99e0030000

page read and write

7f9adffff000

page read and write

55e42b07d000

page read and write

55e42bcad000

page read and write

55e42905f000

page read and write

7f9ae4e45000

page read and write

7f9ae4e45000

page read and write

55e429068000

page read and write

7f9ae5a8d000

page read and write

7f9ae55a1000

page read and write

7f9ae5964000

page read and write

7f9ae55a1000

page read and write

55e42905f000

page read and write

55e42b066000

page execute and read and write

7f9ae5412000

page read and write

55e42b07d000

page read and write

7f9ae5783000

page read and write

7f9ae5412000

page read and write

55e42b066000

page execute and read and write

7f9ae45ab000

page read and write

7f9ae5a8d000

page read and write

7f99e002f000

page read and write

55e428e0e000

page execute read

7f99e0030000

page read and write

7f9ae5783000

page read and write

7f9ae45ab000

page read and write

7ffe3c369000

page read and write

55e42b066000

page execute and read and write

7f99e0027000

page execute read

7ffe3c37f000

page execute read

7f9ae51a7000

page read and write

7f9ae5ab1000

page read and write

7f9ae4db3000

page read and write

7f9ae5ab1000

page read and write

7f9ae51a7000

page read and write

7ffe3c369000

page read and write

7f9ae5964000

page read and write

7f9adffff000

page read and write

55e42905f000

page read and write

7f9ae5435000

page read and write

7f9ae4db3000

page read and write

7f99e0027000

page execute read

7f9ae45ab000

page read and write

7f9ae55a1000

page read and write

7f9ae4db3000

page read and write

7f9ae0021000

page read and write

55e42bcad000

page read and write

7f9ae4e45000

page read and write

55e429068000

page read and write

7f99e0030000

page read and write

7f99e002f000

page read and write

7f99e0027000

page execute read

55e42b07d000

page read and write

7f9ae0021000

page read and write

7f9adffff000

page read and write

7ffe3c369000

page read and write

7f9ae5af6000

page read and write

7f9ae0021000

page read and write

7f9ae5964000

page read and write

7f9ae51a7000

page read and write

55e428e0e000

page execute read

55e429068000

page read and write

7f9ae5a8d000

page read and write

7f9ae5783000

page read and write

55e42bcad000

page read and write

7f9ae5435000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ATvOcqLo1D.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportATvOcqLo1D.elf

Processes

Domains

IPs

Memdumps

IOC Report
ATvOcqLo1D.elf