Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/ppc.elf

IPs

Domain

Country

Malicious

8.8.8.8

unknown

United States

Details

IP:	8.8.8.8
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected non-DNS traffic on DNS port	Networking

85.239.34.134

unknown

Russian Federation

Details

IP:	85.239.34.134
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	134121
ASN name:	RAINBOW-HKRainbownetworklimitedHK
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f8e17101000

page read and write

7f8e16661000

page read and write

558cc2190000

page read and write

558cc41a4000

page read and write

7f8e17833000

page read and write

558cc2188000

page read and write

558cc418e000

page execute and read and write

7f8e174c3000

page read and write

7f8e174e8000

page read and write

7f8d2001d000

page read and write

7f8e17964000

page read and write

7ffce5ffe000

page execute read

7f8d20009000

page execute read

7f8d2001c000

page execute and read and write

7ffce5e89000

page read and write

7f8e10000000

page read and write

558cc4cfc000

page read and write

7f8e1795c000

page read and write

558cc1f05000

page execute read

7f8d2001a000

page execute and read and write

7f8e179a9000

page read and write

7f8e10021000

page read and write

7f8e16e72000

page read and write

7f8e16e64000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ppc.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportppc.elf

Processes

IPs

Memdumps

IOC Report
ppc.elf