Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/TqSaHq3efJ.elf

URLs

Name

Malicious

91.92.240.85:23

Details

Name:	91.92.240.85:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

http://91.92.240.85/bins.sh;

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

91.92.240.85

unknown

Bulgaria

Details

IP:	91.92.240.85
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5c9a3ee000

page read and write

7f5c998cf000

page read and write

7f5c9a517000

page read and write

7f5c99ebf000

page read and write

7f5b9403a000

page read and write

7ffc7fb3c000

page execute read

55e400be5000

page execute read

7f5c9a580000

page read and write

55e400be5000

page execute read

7f5b9403a000

page read and write

7f5c94021000

page read and write

7f5c94021000

page read and write

55e404cfb000

page read and write

7f5c9a517000

page read and write

7f5c9a20d000

page read and write

7f5b9402b000

page execute read

7f5c9983d000

page read and write

7f5c93fff000

page read and write

7f5c9a580000

page read and write

7f5c99c31000

page read and write

7ffc7fb3c000

page execute read

7f5c9a02b000

page read and write

7f5c9a3ee000

page read and write

7f5c9a53b000

page read and write

55e402e3d000

page execute and read and write

7f5c9a02b000

page read and write

7f5c9983d000

page read and write

55e400e3f000

page read and write

7f5c9a20d000

page read and write

7f5c9a53b000

page read and write

55e402e54000

page read and write

7f5c99035000

page read and write

7f5b9402b000

page execute read

55e404cfb000

page read and write

7f5b94034000

page read and write

55e402e3d000

page execute and read and write

55e400e36000

page read and write

7f5c998cf000

page read and write

55e402e54000

page read and write

55e400e3f000

page read and write

7f5c99e9c000

page read and write

7f5c99ebf000

page read and write

7f5c93fff000

page read and write

7ffc7fb2b000

page read and write

55e400e36000

page read and write

7f5c99035000

page read and write

7f5c99e9c000

page read and write

7f5b94034000

page read and write

7f5c99c31000

page read and write

7ffc7fb2b000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
TqSaHq3efJ.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportTqSaHq3efJ.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
TqSaHq3efJ.elf