Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerx86.elf

Domains

Name

Malicious

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn. [malformed]

unknown

netfags.geek. [malformed]

unknown

burnthe.libre. [malformed]

unknown

IPs

Domain

Country

Malicious

45.156.86.24

yellowchink.pirate

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	yellowchink.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

8054000

page read and write

ff9b1000

page read and write

8b90000

page read and write

8053000

page execute read

Details

Name:	5483.1.0000000008048000.0000000008053000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	8053000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

f7fd6000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerx86.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerx86.elf

Processes

Domains

IPs

Memdumps

IOC Report
zerx86.elf