Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY

/tmp/rV97CNwo30.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

176.123.4.187

unknown

Moldova Republic of

Details

IP:	176.123.4.187
TargetID:	-1
Country:	Moldova Republic of
Countrycode:	MDA
ASN number:	200019
ASN name:	ALEXHOSTMD
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

416000

page execute read

416000

page execute read

416000

page execute read

61f000

page read and write

7fff2f7ff000

page execute read

619000

page read and write

7fff2f7ff000

page execute read

61f000

page read and write

61f000

page read and write

619000

page read and write

147f000

page read and write

7fff2f7ff000

page execute read

7fff2f7b6000

page read and write

147f000

page read and write

147f000

page read and write

619000

page read and write

7fff2f7b6000

page read and write

7fff2f7b6000

page read and write

There are 8 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
rV97CNwo30.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportrV97CNwo30.elf

Processes

Domains

IPs

Memdumps

IOC Report
rV97CNwo30.elf