Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zerm68k.elf

Domains

Name

Malicious

netfags.geek

45.156.86.24

Details

Name:	netfags.geek
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

yellowchink.pirate

45.156.86.24

Details

Name:	yellowchink.pirate
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

chinklabs.dyn

185.150.24.67

Details

Name:	chinklabs.dyn
IP:	185.150.24.67
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

burnthe.libre

45.156.86.24

Details

Name:	burnthe.libre
IP:	45.156.86.24
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

netfags.geek. [malformed]

unknown

burnthe.libre. [malformed]

unknown

yellowchink.pirate. [malformed]

unknown

IPs

Domain

Country

Malicious

185.150.24.67

chinklabs.dyn

Netherlands

Details

IP:	185.150.24.67
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	chinklabs.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

45.156.86.24

netfags.geek

Germany

Details

IP:	45.156.86.24
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44592
ASN name:	SKYLINKNL
Private:	false
Domain:	netfags.geek

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

55d11d07c000

page read and write

7f57a9e54000

page read and write

7f57a9d2b000

page read and write

7f572400f000

page read and write

7ffd15240000

page read and write

7f57a95f9000

page read and write

55d119f31000

page read and write

7f5724010000

page read and write

7f57a4021000

page read and write

7f57a99bb000

page read and write

7f57a9e5c000

page read and write

7f57a936a000

page read and write

55d11bf2f000

page execute and read and write

7f572400d000

page execute read

7f57a99e0000

page read and write

7f57a8b59000

page read and write

7f57a9ea1000

page read and write

55d119f29000

page read and write

7f57a935c000

page read and write

7f57a4000000

page read and write

55d11bfc6000

page read and write

55d119cf7000

page execute read

7ffd153c6000

page execute read

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zerm68k.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzerm68k.elf

Processes

Domains

IPs

Memdumps

IOC Report
zerm68k.elf