Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/AIFbR8t1fj.elf

URLs

Name

Malicious

91.92.240.85:23

Details

Name:	91.92.240.85:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

http://91.92.240.85/bins.sh;

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

91.92.240.85

unknown

Bulgaria

Details

IP:	91.92.240.85
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffe21d46000

page read and write

7f65000e7000

page read and write

55e199f88000

page read and write

7f6500376000

page read and write

7f6500c1e000

page read and write

55e19b335000

page read and write

7f6500738000

page read and write

7f64f8021000

page read and write

55e199f88000

page read and write

7f6478423000

page read and write

55e19b335000

page read and write

7f6500738000

page read and write

7f64ff8d6000

page read and write

7f647842b000

page read and write

7f65000d9000

page read and write

7f650075d000

page read and write

55e197f73000

page read and write

7f6500aa8000

page read and write

7f6478413000

page execute read

7f65000e7000

page read and write

7f64f8000000

page read and write

7f6478423000

page read and write

7f6500376000

page read and write

7f6500bd9000

page read and write

55e197f6b000

page read and write

55e199f71000

page execute and read and write

55e197d55000

page execute read

55e197f73000

page read and write

7f64f8021000

page read and write

7f647842b000

page read and write

7ffe21d94000

page execute read

7f6500aa8000

page read and write

55e197d55000

page execute read

7f6500bd1000

page read and write

7f6478413000

page execute read

7ffe21d46000

page read and write

7f6500c1e000

page read and write

7f6500bd9000

page read and write

55e199f71000

page execute and read and write

7f64ff8d6000

page read and write

7f65000d9000

page read and write

55e197f6b000

page read and write

7ffe21d94000

page execute read

7f650075d000

page read and write

7f64f8000000

page read and write

7f6500bd1000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
AIFbR8t1fj.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAIFbR8t1fj.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
AIFbR8t1fj.elf