Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/bDPV6D6zlx.elf

URLs

Name

Malicious

91.92.240.85:23

Details

Name:	91.92.240.85:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

http://91.92.240.85/bins.sh;

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

91.92.240.85

unknown

Bulgaria

Details

IP:	91.92.240.85
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55d0fa962000

page execute and read and write

55d0fa979000

page read and write

7fe29f07b000

page read and write

7fe29f58d000

page read and write

55d0fc83f000

page read and write

55d0f895a000

page read and write

7ffe59464000

page read and write

7fe298000000

page read and write

7fe29f6b6000

page read and write

7fe29e9dc000

page read and write

7fe29f05e000

page read and write

7fe218434000

page read and write

7fe21841b000

page execute read

55d0fa979000

page read and write

7fe29f3ac000

page read and write

7fe29f703000

page read and write

7fe21841b000

page execute read

55d0fc83f000

page read and write

55d0f8964000

page read and write

7ffe59464000

page read and write

7fe21842c000

page read and write

55d0f86d2000

page execute read

7ffe595ef000

page execute read

55d0f8964000

page read and write

7fe29f6b6000

page read and write

7fe29f703000

page read and write

7fe218434000

page read and write

7fe298000000

page read and write

7fe29ec9a000

page read and write

7fe29e9ea000

page read and write

7fe29f6be000

page read and write

7fe29f03b000

page read and write

7fe298021000

page read and write

7fe29f58d000

page read and write

55d0fa962000

page execute and read and write

7fe298021000

page read and write

7fe29e1d4000

page read and write

7fe29f3ac000

page read and write

55d0f86d2000

page execute read

55d0f895a000

page read and write

7fe29ec9a000

page read and write

7fe29f6be000

page read and write

7ffe595ef000

page execute read

7fe29e9ea000

page read and write

7fe29f07b000

page read and write

7fe29f05e000

page read and write

7fe29f03b000

page read and write

7fe29e9dc000

page read and write

7fe21842c000

page read and write

7fe29e1d4000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
bDPV6D6zlx.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportbDPV6D6zlx.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
bDPV6D6zlx.elf