Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerspc.elf

Domains

Name

Malicious

netfags.geek

45.156.86.24

Details

Name:	netfags.geek
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn

185.150.24.67

Details

Name:	chinklabs.dyn
IP:	185.150.24.67
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn. [malformed]

unknown

netfags.geek. [malformed]

unknown

yellowchink.pirate. [malformed]

unknown

IPs

Domain

Country

Malicious

185.150.24.67

chinklabs.dyn

Netherlands

Details

IP:	185.150.24.67
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	chinklabs.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

45.156.86.24

netfags.geek

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	netfags.geek

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f6e026d0000

page read and write

7f6e0222f000

page read and write

7f6cfc02e000

page read and write

560efa891000

page execute and read and write

7f6e02254000

page read and write

7ffc409c4000

page execute read

560ef888a000

page read and write

7f6e01bd0000

page read and write

7f6e01bde000

page read and write

7f6cfc01d000

page execute read

7ffc40984000

page read and write

560ef865c000

page execute read

560efa8a8000

page read and write

7f6e0259f000

page read and write

560efba49000

page read and write

7f6dfc000000

page read and write

7f6e026c8000

page read and write

7f6e02715000

page read and write

7f6cfc02f000

page read and write

7f6e01e6d000

page read and write

560ef8893000

page read and write

7f6dfc021000

page read and write

7f6e013cd000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerspc.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerspc.elf

Processes

Domains

IPs

Memdumps

IOC Report
zerspc.elf