Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerarm.elf

Domains

Name

Malicious

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn. [malformed]

unknown

burnthe.libre. [malformed]

unknown

netfags.geek. [malformed]

unknown

yellowchink.pirate. [malformed]

unknown

IPs

Domain

Country

Malicious

45.156.86.24

yellowchink.pirate

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	yellowchink.pirate

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55bc1ba92000

page read and write

7f6a27fff000

page read and write

7f6a2da19000

page read and write

7ffd65f71000

page execute read

55bc1ba89000

page read and write

7f6a2d2bd000

page read and write

7f6a2dddc000

page read and write

7f6a2dbfb000

page read and write

7f692802b000

page read and write

7f6a2df29000

page read and write

7f6a2d8ad000

page read and write

7f6a2df6e000

page read and write

55bc1dced000

page read and write

55bc1b838000

page execute read

7f6a2d88a000

page read and write

55bc1da90000

page execute and read and write

7f6a2d22b000

page read and write

7f6a2ca23000

page read and write

7f6a2d61f000

page read and write

55bc1daa7000

page read and write

7f6a2df05000

page read and write

7f6928023000

page execute read

7ffd65f56000

page read and write

7f6a28021000

page read and write

7f692802c000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerarm.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerarm.elf

Processes

Domains

IPs

Memdumps

IOC Report
zerarm.elf