Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

93.123.85.205:7777

Details

Name:	93.123.85.205:7777
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

93.123.85.205

unknown

Bulgaria

Details

IP:	93.123.85.205
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fc9a002f000

page execute read

7fc9a002f000

page execute read

55e35d214000

page execute read

7fcaa5f0d000

page read and write

7fcaa5f76000

page read and write

7fcaa0021000

page read and write

7fcaa5233000

page read and write

7fcaa5de4000

page read and write

7fcaa5627000

page read and write

7fcaa5627000

page read and write

55e35f483000

page read and write

7fffb9162000

page read and write

7fcaa5a21000

page read and write

7fc9a0037000

page read and write

55e35d465000

page read and write

55e35d214000

page execute read

7fcaa0021000

page read and write

7fcaa5c03000

page read and write

7fcaa4a2b000

page read and write

55e35f46c000

page execute and read and write

7fffb9162000

page read and write

7fcaa5892000

page read and write

7fffb91be000

page execute read

7fcaa5f0d000

page read and write

7fcaa5de4000

page read and write

7fcaa52c5000

page read and write

7fcaa5233000

page read and write

55e35d46e000

page read and write

7fcaa5f31000

page read and write

55e3604e2000

page read and write

7fc9a003f000

page read and write

7fcaa5f76000

page read and write

7fca9ffff000

page read and write

55e35d46e000

page read and write

7fcaa5892000

page read and write

55e35d465000

page read and write

55e35f483000

page read and write

7fc9a003f000

page read and write

7fcaa5c03000

page read and write

7fcaa58b5000

page read and write

7fcaa52c5000

page read and write

7fcaa5f31000

page read and write

7fc9a0037000

page read and write

55e35f46c000

page execute and read and write

55e3604e2000

page read and write

7fffb91be000

page execute read

7fcaa5a21000

page read and write

7fcaa58b5000

page read and write

7fca9ffff000

page read and write

7fcaa4a2b000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf