Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/E9kF2YAyaP.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/E9kF2YAyaP.elf
Source:	E9kF2YAyaP.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

8.8.8.8

unknown

United States

Details

IP:	8.8.8.8
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected non-DNS traffic on DNS port	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fdc48025000

page execute read

7fdd501c1000

page read and write

7ffedc08b000

page read and write

7fdd50584000

page read and write

559698c59000

page read and write

55969575e000

page read and write

7fdc4803d000

page execute read

7fdd4f9d3000

page read and write

7fdd4f1cb000

page read and write

7fdd503a3000

page read and write

7fdd50716000

page read and write

55969775c000

page execute and read and write

7fdd4fdc7000

page read and write

7ffedc100000

page execute read

7fdd50032000

page read and write

7fdc4803b000

page execute and read and write

7fdd4fa65000

page read and write

559695755000

page read and write

7fdd50055000

page read and write

559695504000

page execute read

7fdc4802d000

page read and write

7fdd48021000

page read and write

7fdd506ad000

page read and write

7fdd47fff000

page read and write

559697773000

page read and write

7fdd506d1000

page read and write

There are 16 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
E9kF2YAyaP.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportE9kF2YAyaP.elf

Processes

URLs

IPs

Memdumps

IOC Report
E9kF2YAyaP.elf