Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/6ZGQp03KWF.elf

URLs

Name

Malicious

91.92.240.85:23

Details

Name:	91.92.240.85:23
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

http://91.92.240.85/bins.sh;

unknown

IPs

Domain

Country

Malicious

91.92.240.85

unknown

Bulgaria

Details

IP:	91.92.240.85
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffc549e7000

page read and write

7ffc54a00000

page execute read

7f6ed4021000

page read and write

7f6ed4021000

page read and write

7f6ed8822000

page read and write

5649c7082000

page read and write

5649c6e28000

page execute read

7f6ed94fc000

page read and write

7f6ed93d3000

page read and write

5649c7079000

page read and write

7ffc54a00000

page execute read

5649c7082000

page read and write

7f6ed3f7e000

page read and write

5649ca09b000

page read and write

5649c9080000

page execute and read and write

7f6ed8ea4000

page read and write

7f6dd3fbe000

page read and write

7f6ed8e81000

page read and write

7f6ed88b4000

page read and write

7f6ed8c16000

page read and write

7f6ed93d3000

page read and write

7f6ed91f2000

page read and write

5649ca079000

page read and write

7f6ed9520000

page read and write

7f6ed9565000

page read and write

7f6dd3fae000

page execute read

5649c9097000

page read and write

5649ca09b000

page read and write

7ffc549e7000

page read and write

7f6ed8822000

page read and write

7f6ed94fc000

page read and write

7f6ed8c16000

page read and write

7f6ed91f2000

page read and write

7f6ed3f7e000

page read and write

5649c9080000

page execute and read and write

7f6ed9010000

page read and write

5649c6e28000

page execute read

7f6ed9010000

page read and write

5649c9097000

page read and write

7f6dd3fae000

page execute read

7f6ed9565000

page read and write

7f6dd3fb6000

page read and write

7f6ed8e81000

page read and write

7f6ed4000000

page read and write

7f6dd3fb6000

page read and write

5649c7079000

page read and write

7f6ed88b4000

page read and write

7f6dd3fbe000

page read and write

7f6ed9520000

page read and write

7f6ed8ea4000

page read and write

7f6ed4000000

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
6ZGQp03KWF.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report6ZGQp03KWF.elf

Processes

URLs

IPs

Memdumps

IOC Report
6ZGQp03KWF.elf