Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zermips.elf

Domains

Name

Malicious

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn

185.150.24.67

Details

Name:	chinklabs.dyn
IP:	185.150.24.67
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

netfags.geek. [malformed]

unknown

IPs

Domain

Country

Malicious

185.150.24.67

chinklabs.dyn

Netherlands

Details

IP:	185.150.24.67
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	chinklabs.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

45.156.86.24

yellowchink.pirate

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	yellowchink.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f7338000000

page read and write

7f733d46c000

page read and write

7f72b844f000

page read and write

7f72b840f000

page execute read

55b14d9a1000

page read and write

7f72b8450000

page read and write

7f733dd5f000

page read and write

7f733d830000

page read and write

7f733ded5000

page read and write

7f7338021000

page read and write

7f733db7e000

page read and write

55b14b2d1000

page read and write

7fff61f40000

page read and write

7fff61fd4000

page execute read

7f733de88000

page read and write

55b14b2c7000

page read and write

7f733d80d000

page read and write

55b14d2e6000

page read and write

7f733d84d000

page read and write

55b14d2cf000

page execute and read and write

7f733de90000

page read and write

7f733c9a6000

page read and write

55b14b03f000

page execute read

7f733d1bc000

page read and write

7f733d1ae000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zermips.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzermips.elf

Processes

Domains

IPs

Memdumps

IOC Report
zermips.elf