Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/armv7l.elf

URLs

Name

Malicious

150.241.88.132:25565

Details

Name:	150.241.88.132:25565
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

150.241.88.132

unknown

Spain

Details

IP:	150.241.88.132
TargetID:	-1
Country:	Spain
Countrycode:	ESP
ASN number:	207714
ASN name:	TECNALIAES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f695802f000

page execute read

7f695802f000

page execute read

7f6a5f14f000

page read and write

7f6a5ffb6000

page read and write

55e5eb7f7000

page read and write

7f6a5ffd9000

page read and write

7f6a57fff000

page read and write

7f6a60631000

page read and write

7f6958037000

page read and write

7f6a5ffb6000

page read and write

7ffeff0b4000

page read and write

55e5ea7b3000

page execute and read and write

55e5e87b5000

page read and write

7f6a5f9e9000

page read and write

55e5eb7f7000

page read and write

55e5e87ac000

page read and write

7f6a58021000

page read and write

55e5e855b000

page execute read

7ffeff0b4000

page read and write

55e5ea7b3000

page execute and read and write

55e5e855b000

page execute read

7ffeff0e1000

page execute read

55e5e87b5000

page read and write

7f6a5f9e9000

page read and write

7f6a5f14f000

page read and write

7f6a60655000

page read and write

7f6a60508000

page read and write

7f6a5ffd9000

page read and write

7f6a60145000

page read and write

7f695803f000

page read and write

55e5e87ac000

page read and write

7f6a6069a000

page read and write

7f6958037000

page read and write

7f6a60508000

page read and write

55e5ea7ca000

page read and write

7f6a5fd4b000

page read and write

55e5ea7ca000

page read and write

7f6a60631000

page read and write

7f6a60145000

page read and write

7ffeff0e1000

page execute read

7f695803f000

page read and write

7f6a5f957000

page read and write

7f6a60655000

page read and write

7f6a5fd4b000

page read and write

7f6a6069a000

page read and write

7f6a60327000

page read and write

7f6a5f957000

page read and write

7f6a57fff000

page read and write

7f6a58021000

page read and write

7f6a60327000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
armv7l.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportarmv7l.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
armv7l.elf