Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

na.elf

ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy:	6.249531108215446
Filename:	na.elf
Filesize:	104088
MD5:	03dd4b61fd2eade88f500c73b3400aa0
SHA1:	e20caa48018925b1612b21ba4c09ae2ec0991c99
SHA256:	5192e238fdfac87771724d17e67e7960c8a4cab04149496d3aa78bd858019d9a
SHA512:	752d4a6a4cf4708843373c8b74bc0edf19abdca297977e4090cb9670e935cff8cf731c0dfa14c670a8e7c9080c9656c4c6013cb11cebc37bc763f56c5d18600e
SSDEEP:	1536:Q5gN/rs9tX9D16vBDdqFBixx/0XCyEr/OQ2Wy9CKEL4qu+OfY35hVpJaVq:Q5x9tt57Pw/EEE3G4//m5hVpJUq
Preview:	.ELF...a..........(.........4...........4. ...(..........................................................j..........Q.td..................................-...L."....M..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Yara signature match	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
URLs found in memory or binary data	Networking

/run/systemd/resolve/stub-resolv.conf

ASCII text

dropped

Details

File:	/run/systemd/resolve/stub-resolv.conf
Category:	dropped
Dump:	stub-resolv.conf.15.dr
ID:	dr_1
Target ID:	15
Process:	/tmp/na.elf
Type:	ASCII text
Entropy:	3.3918926446809334
Encrypted:	false
Ssdeep:	3:KkZRAkd:KaAu
Size:	38
Whitelisted:	false
Reputation:	high

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

154.213.187.206

unknown

Seychelles

Details

IP:	154.213.187.206
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	22769
ASN name:	DDOSING-BGP-NETWORKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f8e68030000

page execute read

7f8e68030000

page execute read

7f8f6fe89000

page read and write

7f8f68021000

page read and write

7ffc577cb000

page read and write

7f8e6803e000

page read and write

7f8f6ffb2000

page read and write

55eec1c4c000

page read and write

7f8f7001b000

page read and write

7f8e6803e000

page read and write

7f8f6f2d8000

page read and write

55eebf1d9000

page read and write

55eebef7f000

page execute read

7f8f6f6cc000

page read and write

7f8f6f36a000

page read and write

7f8f6fca8000

page read and write

7f8f6ffd6000

page read and write

55eebef7f000

page execute read

7ffc577cb000

page read and write

7f8f6f937000

page read and write

7f8f67fff000

page read and write

55eec11ee000

page read and write

55eebf1d0000

page read and write

7f8f6fe89000

page read and write

7f8f6f6cc000

page read and write

7f8f6fac6000

page read and write

7f8f6f937000

page read and write

7f8f6f95a000

page read and write

7f8f7001b000

page read and write

7f8f68021000

page read and write

7f8e68038000

page read and write

7f8f6fac6000

page read and write

7f8f6ead0000

page read and write

7f8f6fca8000

page read and write

7f8e68038000

page read and write

55eebf1d9000

page read and write

7f8f6f2d8000

page read and write

7f8f6ffd6000

page read and write

7f8f6f95a000

page read and write

7f8f6ffb2000

page read and write

7ffc577d4000

page execute read

7ffc577d4000

page execute read

7f8f67fff000

page read and write

55eebf1d0000

page read and write

7f8f6f36a000

page read and write

55eec11d7000

page execute and read and write

7f8f6ead0000

page read and write

55eec11d7000

page execute and read and write

55eec1c4c000

page read and write

55eec11ee000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf