Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/QwVUcfwNd7.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.c3ZtrnMGbs /tmp/tmp.Vv584LR7hS /tmp/tmp.ELtlvz5rg5

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.c3ZtrnMGbs /tmp/tmp.Vv584LR7hS /tmp/tmp.ELtlvz5rg5

Domains

Name

Malicious

minuoddos.top

91.92.244.58

Details

Name:	minuoddos.top
IP:	91.92.244.58
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

91.92.244.58

minuoddos.top

Bulgaria

Details

IP:	91.92.244.58
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false
Domain:	minuoddos.top

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f74bd3bc000

page read and write

7f74b8000000

page read and write

7f74bcd1d000

page read and write

7f74bd37c000

page read and write

7f74bd9ff000

page read and write

55ad82df5000

page read and write

7f74bc515000

page read and write

55ad82b6d000

page execute read

7f74bcd1d000

page read and write

7f74bd3bc000

page read and write

7f74bcd1d000

page read and write

7ffce80c7000

page read and write

7ffce812a000

page execute read

55ad84dfd000

page execute and read and write

55ad86c73000

page read and write

55ad82b6d000

page execute read

7f74bd6ed000

page read and write

7f74bd37c000

page read and write

7f74b8021000

page read and write

7f74b8021000

page read and write

7ffce812a000

page execute read

7f74bd8ce000

page read and write

7f74bd39f000

page read and write

7f74b8000000

page read and write

7f74bda44000

page read and write

55ad84dfd000

page execute and read and write

55ad84e14000

page read and write

7f7438456000

page read and write

7f74bcd2b000

page read and write

7f74bd6ed000

page read and write

7f74b8021000

page read and write

7f74bd8ce000

page read and write

55ad82df5000

page read and write

7f74bcd2b000

page read and write

55ad86c73000

page read and write

7f74bcd2b000

page read and write

7f74bc515000

page read and write

7f74bd8ce000

page read and write

7f74bcfdb000

page read and write

7f74bd9f7000

page read and write

7f74bda44000

page read and write

7f74bd37c000

page read and write

7f74bcfdb000

page read and write

55ad84e14000

page read and write

7f74bd9ff000

page read and write

55ad84e14000

page read and write

55ad82dff000

page read and write

7f7438456000

page read and write

7f74bd3bc000

page read and write

7ffce80c7000

page read and write

7f7438415000

page execute read

7f74bcfdb000

page read and write

55ad82dff000

page read and write

7f74bd39f000

page read and write

7f7438456000

page read and write

7f74bd39f000

page read and write

7f74bc515000

page read and write

7ffce80c7000

page read and write

7f74b8000000

page read and write

7f74bd9ff000

page read and write

55ad82b6d000

page execute read

7f7438455000

page read and write

7f74bd9f7000

page read and write

7f7438455000

page read and write

55ad84dfd000

page execute and read and write

7f7438415000

page execute read

7ffce812a000

page execute read

7f74bda44000

page read and write

7f74bd6ed000

page read and write

7f7438415000

page execute read

7f7438455000

page read and write

7f74bd9f7000

page read and write

55ad82dff000

page read and write

55ad86c73000

page read and write

55ad82df5000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
QwVUcfwNd7.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportQwVUcfwNd7.elf

Processes

Domains

IPs

Memdumps

IOC Report
QwVUcfwNd7.elf