Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/e2PfBoVX8B.elf

URLs

Name

Malicious

91.92.240.85:23

Details

Name:	91.92.240.85:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

http://91.92.240.85/bins.sh;

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

91.92.240.85

unknown

Bulgaria

Details

IP:	91.92.240.85
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fc021bce000

page read and write

7fc021679000

page read and write

7fbf1c033000

page read and write

55fbe959d000

page read and write

7fc01c021000

page read and write

55fbe874c000

page read and write

55fbe8735000

page execute and read and write

7fbf1c02b000

page execute read

7fc020e8b000

page read and write

7fc01c021000

page read and write

7fc020e8b000

page read and write

7fbf1c039000

page read and write

7fc01bfff000

page read and write

55fbe64dd000

page execute read

55fbe6737000

page read and write

7fc020f1d000

page read and write

7fc02150d000

page read and write

7fc01bfff000

page read and write

55fbe64dd000

page execute read

7ffcf849f000

page execute read

7fc021b89000

page read and write

55fbe874c000

page read and write

7ffcf8495000

page read and write

55fbe672e000

page read and write

55fbe672e000

page read and write

7fc02185b000

page read and write

7ffcf8495000

page read and write

7fc02150d000

page read and write

7fbf1c02b000

page execute read

7fbf1c033000

page read and write

7ffcf849f000

page execute read

7fc020f1d000

page read and write

7fc021b89000

page read and write

7fc02185b000

page read and write

55fbe959d000

page read and write

7fc020683000

page read and write

7fc021679000

page read and write

7fc02127f000

page read and write

7fc021b65000

page read and write

7fc021a3c000

page read and write

7fc0214ea000

page read and write

7fc021b65000

page read and write

7fbf1c039000

page read and write

7fc0214ea000

page read and write

7fc02127f000

page read and write

7fc021bce000

page read and write

55fbe6737000

page read and write

7fc021a3c000

page read and write

7fc020683000

page read and write

55fbe8735000

page execute and read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
e2PfBoVX8B.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporte2PfBoVX8B.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
e2PfBoVX8B.elf