Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.AWe67brD3y /tmp/tmp.7UnKflKgTz /tmp/tmp.hGRm5N4F5E

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.AWe67brD3y /tmp/tmp.7UnKflKgTz /tmp/tmp.hGRm5N4F5E

/tmp/mZ2LgS47Z1.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

176.123.4.187

unknown

Moldova Republic of

Details

IP:	176.123.4.187
TargetID:	-1
Country:	Moldova Republic of
Countrycode:	MDA
ASN number:	200019
ASN name:	ALEXHOSTMD
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

805c000

page execute read

805c000

page execute read

805c000

page execute read

9aa5000

page read and write

8064000

page read and write

ffe75000

page read and write

805d000

page read and write

8064000

page read and write

8064000

page read and write

9aa5000

page read and write

ffe75000

page read and write

805d000

page read and write

9aa5000

page read and write

f7f36000

page execute read

ffe75000

page read and write

f7f36000

page execute read

805d000

page read and write

f7f36000

page execute read

There are 8 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mZ2LgS47Z1.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportmZ2LgS47Z1.elf

Processes

Domains

IPs

Memdumps

IOC Report
mZ2LgS47Z1.elf