Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerppc.elf

Domains

Name

Malicious

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn

185.150.24.67

Details

Name:	chinklabs.dyn
IP:	185.150.24.67
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn. [malformed]

unknown

netfags.geek. [malformed]

unknown

burnthe.libre. [malformed]

unknown

yellowchink.pirate. [malformed]

unknown

IPs

Domain

Country

Malicious

185.150.24.67

chinklabs.dyn

Netherlands

Details

IP:	185.150.24.67
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	chinklabs.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

45.156.86.24

yellowchink.pirate

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	yellowchink.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

55557d4f3000

page read and write

55557b42e000

page execute and read and write

7ffd076ab000

page read and write

7ffd077b2000

page execute read

7fe7747bd000

page read and write

7fe774fce000

page read and write

7fe77598f000

page read and write

7fe68000d000

page execute read

555579428000

page read and write

7fe774fc0000

page read and write

5555791a5000

page execute read

7fe775644000

page read and write

55557b444000

page read and write

555579430000

page read and write

7fe775ac0000

page read and write

7fe77525d000

page read and write

7fe770000000

page read and write

7fe68001e000

page read and write

7fe775ab8000

page read and write

7fe77561f000

page read and write

7fe775b05000

page read and write

7fe770021000

page read and write

7fe68001d000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerppc.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerppc.elf

Processes

Domains

IPs

Memdumps

IOC Report
zerppc.elf