Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/XcDUbJG404.elf

Domains

Name

Malicious

d.celerlink.buzz

181.214.250.54

Details

Name:	d.celerlink.buzz
IP:	181.214.250.54
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

181.214.250.54

d.celerlink.buzz

Chile

Details

IP:	181.214.250.54
TargetID:	-1
Country:	Chile
Countrycode:	CHL
ASN number:	61317
ASN name:	ASDETUKhttpwwwheficedcomGB
Private:	false
Domain:	d.celerlink.buzz

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

40d000

page execute read

40d000

page execute read

40d000

page execute read

40d000

page execute read

40d000

page execute read

40d000

page execute read

40d000

page execute read

7ffd423cb000

page execute read

7ffd422b0000

page read and write

510000

page read and write

7ffd422b0000

page read and write

50e000

page read and write

7ffd422b0000

page read and write

7ffd423cb000

page execute read

1a54000

page read and write

7ffd423cb000

page execute read

1a54000

page read and write

1a54000

page read and write

50e000

page read and write

1a54000

page read and write

7ffd422b0000

page read and write

7ffd423cb000

page execute read

510000

page read and write

510000

page read and write

510000

page read and write

7ffd422b0000

page read and write

7ffd422b0000

page read and write

1a54000

page read and write

7ffd423cb000

page execute read

510000

page read and write

7ffd423cb000

page execute read

50e000

page read and write

50e000

page read and write

50e000

page read and write

50e000

page read and write

7ffd422b0000

page read and write

1a54000

page read and write

50e000

page read and write

510000

page read and write

510000

page read and write

7ffd423cb000

page execute read

1a54000

page read and write

There are 32 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
XcDUbJG404.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportXcDUbJG404.elf

Processes

Domains

IPs

Memdumps

IOC Report
XcDUbJG404.elf