Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerarm6.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fb5f92dd000

page read and write

7fb4f4038000

page read and write

7fb5f4021000

page read and write

7fb5fa7e3000

page read and write

7ffe8935b000

page execute read

7fb5f3fff000

page read and write

7ffe89300000

page read and write

7fb5fa828000

page read and write

7fb5f9ed9000

page read and write

55d5915b5000

page execute and read and write

7fb5fa696000

page read and write

7fb5fa4b5000

page read and write

55d592053000

page read and write

55d5915cc000

page read and write

55d58f35d000

page execute read

7fb5fa7bf000

page read and write

7fb5f9ae5000

page read and write

55d58f5ae000

page read and write

7fb5f9b77000

page read and write

7fb4f402e000

page read and write

7fb4f4025000

page execute read

7fb5fa167000

page read and write

7fb5fa2d3000

page read and write

55d58f5b7000

page read and write

7fb5fa144000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerarm6.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerarm6.elf

Processes

IPs

Memdumps

IOC Report
zerarm6.elf