Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/LJ6BZHggzR.elf

IPs

Domain

Country

Malicious

64.23.184.217

unknown

United States

Details

IP:	64.23.184.217
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	3064
ASN name:	AFFINITY-FTLUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

805c000

page execute read

805c000

page execute read

805c000

page execute read

ffaed000

page read and write

ffaed000

page read and write

ffaed000

page read and write

8345000

page read and write

8064000

page read and write

8064000

page read and write

f7f5f000

page execute read

805d000

page read and write

8345000

page read and write

805d000

page read and write

f7f5f000

page execute read

f7f5f000

page execute read

8064000

page read and write

805d000

page read and write

8345000

page read and write

There are 8 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LJ6BZHggzR.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLJ6BZHggzR.elf

Processes

IPs

Memdumps

IOC Report
LJ6BZHggzR.elf